Fluhorse

Malware Profile Updated 13 days ago
Download STIX
Preview STIX
FluHorse, a newly discovered malware strain, has been active since May 2022 and was first documented by Check Point in early May 2023. This Android stealer is typically distributed via email phishing campaigns and mimics popular apps or appears as a fake dating application to deceive victims into installation. The malware targets multiple sectors in Eastern Asia, with previous research indicating that FluHorse has been downloaded over 100,000 times. Its activity has been under continuous scrutiny by cybersecurity researchers, who have noted the emergence of new infrastructure nodes and malicious applications every month. The inner workings of FluHorse were shared by cybersecurity researchers on June 29, 2023. After successful installation, FluHorse's code performs an HTTP POST of the SMS message and reads the response, enabling it to steal personal information. Despite its basic obfuscation and lack of packing, researchers managed to fully reverse-engineer the FluHorse malware in a static manner, without the need for dynamic execution, providing valuable insights into its operation. The discovery and analysis of FluHorse comes at a time when the APAC region is experiencing a significant increase in cyberattacks. According to Check Point Research, the average organization in APAC was attacked 1,835 times per week in the first quarter of 2023. As such, FluHorse represents a concerning addition to the landscape of threats facing organizations and individuals in this region, highlighting the persistent danger posed by such campaigns.
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Android
Phishing
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Fluhorse Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
Anomali Cyber Watch: Custom Virtual Environment Hides FluHorse, BabyShark Evolved into ReconShark, Fleckpe-Infected Apps Add Expensive Subscriptions
Fortinet
10 months ago
Fortinet Reverses Flutter-based Android Malware “Fluhorse” | FortiGuard Labs
CERT-EU
a year ago
Android: How hackers are ‘spreading Android apps’ that can steal passwords, 2FA codes | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting
CERT-EU
a year ago
Malware Disguised As Legitimate Android Apps
CERT-EU
a year ago
New Android Trojans Infected Many Devices in Asia via Google Play, Phishing
CERT-EU
a year ago
Check Point Research découvre un nouveau malware dissimulé sous forme d'applications Android légitimes et bien connues, destinées à l'Asie orientale – Global Security Mag Online
CERT-EU
a year ago
New Weaponized Android Apps With 1M Installs Steals 2FA Codes & Passwords
Checkpoint
a year ago
8th May – Threat Intelligence Report - Check Point Research
CERT-EU
a year ago
New malware strain hits Eastern Asia
CERT-EU
a year ago
FluHorse : Newly Discovered Malware Disguised as Legitimate and Popular Android Apps Targeting East Asia Highlights – Global Security Mag Online
CERT-EU
a year ago
New Android Malware 'FluHorse' Targeting East Asian Markets with Deceptive Tactics
CERT-EU
a year ago
Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes | IT Security News