Fluhorse

Malware Profile Updated 3 months ago

Download STIX

Preview STIX

FluHorse, a newly discovered malware strain, has been active since May 2022 and was first documented by Check Point in early May 2023. This Android stealer is typically distributed via email phishing campaigns and mimics popular apps or appears as a fake dating application to deceive victims into installation. The malware targets multiple sectors in Eastern Asia, with previous research indicating that FluHorse has been downloaded over 100,000 times. Its activity has been under continuous scrutiny by cybersecurity researchers, who have noted the emergence of new infrastructure nodes and malicious applications every month. The inner workings of FluHorse were shared by cybersecurity researchers on June 29, 2023. After successful installation, FluHorse's code performs an HTTP POST of the SMS message and reads the response, enabling it to steal personal information. Despite its basic obfuscation and lack of packing, researchers managed to fully reverse-engineer the FluHorse malware in a static manner, without the need for dynamic execution, providing valuable insights into its operation. The discovery and analysis of FluHorse comes at a time when the APAC region is experiencing a significant increase in cyberattacks. According to Check Point Research, the average organization in APAC was attacked 1,835 times per week in the first quarter of 2023. As such, FluHorse represents a concerning addition to the landscape of threats facing organizations and individuals in this region, highlighting the persistent danger posed by such campaigns.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Phishing

Android

Apac

Fraud

Banking

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Neo	Unspecified	1	Neo, a threat actor, has been identified as a significant risk to cybersecurity and public safety. The threat actor has been associated with two significant vulnerabilities (CVE-2023-32268 and CVE-2023-46282) in Opcenter Quality and SIMATIC PCS neo, both prevalent software systems used across indust

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Assault	Unspecified	1	The term "assault" in this context refers to a variety of aggressive actions, ranging from cyber attacks to physical violence. One significant event occurred on October 7, 2023, when Hamas launched a coordinated cross-border assault on Israel, marking the official start of the Israel-Hamas War. This

Source Document References

Information about the Fluhorse Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
Fortinet	a year ago	Fortinet Reverses Flutter-based Android Malware “Fluhorse” \| FortiGuard Labs
CERT-EU	a year ago	Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes \| IT Security News
CERT-EU	a year ago	FluHorse : Newly Discovered Malware Disguised as Legitimate and Popular Android Apps Targeting East Asia Highlights – Global Security Mag Online
CERT-EU	a year ago	New Weaponized Android Apps With 1M Installs Steals 2FA Codes & Passwords
CERT-EU	a year ago	Check Point Research découvre un nouveau malware dissimulé sous forme d'applications Android légitimes et bien connues, destinées à l'Asie orientale – Global Security Mag Online
CERT-EU	a year ago	New Android Trojans Infected Many Devices in Asia via Google Play, Phishing
CERT-EU	a year ago	New Android Malware 'FluHorse' Targeting East Asian Markets with Deceptive Tactics
Checkpoint	a year ago	8th May – Threat Intelligence Report - Check Point Research
CERT-EU	a year ago	Android: How hackers are ‘spreading Android apps’ that can steal passwords, 2FA codes \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker – National Cyber Security Consulting
CERT-EU	a year ago	New malware strain hits Eastern Asia
CERT-EU	a year ago	Malware Disguised As Legitimate Android Apps
CERT-EU	a year ago	Anomali Cyber Watch: Custom Virtual Environment Hides FluHorse, BabyShark Evolved into ReconShark, Fleckpe-Infected Apps Add Expensive Subscriptions