Threat actors have been exploiting the open-source user interface (UI) software kit Flutter to deploy apps with critical security and privacy risks.
The findings come from security researchers at Zimperium, who published an advisory about the new threat earlier today.
“While Flutter has been a game changer for application developers, malicious actors have also taken advantage of its capabilities and framework,” the team wrote.
In particular, the Zimperium zLabs team said it recently discovered and analyzed a Flutter application with malicious code.
The code, part of a more extensive, predatory loan malware campaign previously discovered by K7 Security Labs, uses Flutter’s framework to obfuscate malicious features and complicate the detection of malicious activity via static analysis.
“Due to the nature of Flutter, the malicious code and activity now hide behind a framework outside the static analysis capabilities of legacy mobile security products,” wrote Fernando Ortega, malware researcher at Zimperium.
Dubbed ‘MoneyMonger’ by the team, the malicious app has reportedly not been detected in official Android stores.
“This novel malware campaign is solely distributed through third-party app stores and sideloaded onto the victim’s Android device,” Ortega explained.
According to Ortega, the new variant of the malicious loan campaign has been active since at least May 2022.
“The MoneyMonger malware uses multiple layers of social engineering to…
