‘MoneyMonger’ malware steals personal information to blackmail users

Researchers at mobile security company Zimperium Inc.’s zLabs today revealed details of a newly discovered Android malware campaign hidden in money lending apps developed with the Flutter software development kit.

Flutter is a user interface app development framework from Google LLC that’s used to create applications that work across multiple platforms, including Android and iOS. The malware campaign, dubbed MoneyMonger, uses personal information stolen from a device to blackmail victims into paying more than the terms of their predatory loans required.

MoneyMonger is said to take advantage of Flutter’s framework to obfuscate malicious features and complicate the detection of malicious activity by static analysis. The malicious code and activity hide behind the Flutter framework, where the analysis capabilities of legacy mobile security products miss them, the researchers say.

It’s distributed in apps available on third-party app stores and can also be sideloaded onto a victim’s device through phishing messages, compromised websites, social media campaigns and other tactics.

Active since May 2022, this malware uses multiple layers of social engineering to take advantage of its victims, beginning with a predatory loan scheme promising quick money. As victims install an infected app, they’re told that permissions are needed on the mobile endpoint to ensure they’re in good standing to receive the loan. Once the malicious actors gain…
