Fluhorse

FluHorse, a newly discovered malware strain, has been active since May 2022 and was first documented by Check Point in early May 2023. This Android stealer is typically distributed via email phishing campaigns and mimics popular apps or appears as a fake dating application to deceive victims into installation. The malware targets multiple sectors in Eastern Asia, with previous research indicating that FluHorse has been downloaded over 100,000 times. Its activity has been under continuous scrutiny by cybersecurity researchers, who have noted the emergence of new infrastructure nodes and malicious applications every month. The inner workings of FluHorse were shared by cybersecurity researchers on June 29, 2023. After successful installation, FluHorse's code performs an HTTP POST of the SMS message and reads the response, enabling it to steal personal information. Despite its basic obfuscation and lack of packing, researchers managed to fully reverse-engineer the FluHorse malware in a static manner, without the need for dynamic execution, providing valuable insights into its operation. The discovery and analysis of FluHorse comes at a time when the APAC region is experiencing a significant increase in cyberattacks. According to Check Point Research, the average organization in APAC was attacked 1,835 times per week in the first quarter of 2023. As such, FluHorse represents a concerning addition to the landscape of threats facing organizations and individuals in this region, highlighting the persistent danger posed by such campaigns.