Hackers are using malicious money lending apps to blackmail and threaten victims into paying exorbitant amounts of money. Zimperium researchers recently found a
Flutter-obfuscated app and variants distributing a malware under a new campaign dubbed MoneyMonger (some sources have also named the malware as MoneyMonger).
Exploiting Flutter to distribute malware
The malicious actors behind the MoneyMonger campaign are constantly developing and updating the apps to evade detection.
- The malicious apps rely on geo-specific targeting. One of the malicious apps is targeting Indian residents, while several other variants are targeting residents of Peru.
- Attackers obfuscate the malicious app’s built-in code with the Flutter framework and add XOR encryption to avoid traditional Android malware detection.
So far, the malicious apps are not available on the Google Play Store and are being distributed through third-party app stores.
Campaign overview
Threat actors use multiple layers of social engineering to distribute the malicious apps that offer loans by following a few simple instructions.
- Hackers use malware to trick victims to obtain local permissions on the devices, enabling the leak of private information.
- The stolen data includes contacts, messages, pics taken from the camera, GPS location data, sound recording, call logs, and storage data.
- Hackers threaten victims to reveal information, call people from the contact list, and even blackmail to distribute stolen photos.
A past connection
This scam appears to be a part of a bigger predatory loan scam which was initially found in May by K7 Security Labs. Then, experts found an app named Cash Advance in Google Play Store.
- On installation, it requests a list of permissions and collects all SMS details, contact list, access camera, storage, installed applications, and device IP address.
- Later, it threatens the user by sending abusive messages and stolen images to the collected contact list and even uploads this information to their site.
Conclusion
Attackers have long been using social engineering techniques and other methods to trick users into downloading infected apps. For apps downloaded from third-party sources or Google Play, users should read the reviews before downloading any app and be aware of what information the app collects from their device.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/907f_shutterstock_1996389959.jpeg)
/https://cyware-ent.s3.amazonaws.com/image_bank/cb4f_shutterstock_2121565862.jpeg)
