← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
EASTERN ASIAN ANDROID ASSAULT – FLUHORSE
WHITE Superpro 2023-05-08 Modified: 2023-05-08
40
IOCs
MEDIUM VOLUME
A new malware called FluHorse has been discovered, which targets different sectors of Eastern Asian markets through malicious Android applications that mimic legitimate ones. These apps have already been downloaded more than a million times and can steal victims' credentials and 2FA codes. The malware is distributed via emails, and in some cases, the emails used in the first stage of the attacks belong to high-profile entities. FluHorse is a persistent and dangerous threat that can remain undetected for months.
object poolc serverflutterdartandroidcheck pointelectronic tolldart objectfluhorseetc apkfuturevirustotalplayphishingnightloveexamplewindowfirstcodeformatevil
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Object Pool
Indicators of Compromise (5 / 40 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 30ea6d3b6badfa77891a2d4a3e3993c5921fe18f SHA1 of d8a777b050ba27eeb41c0035f3477882d7eafc56edfcbe1e8cef05a7e85c8b9e 2023-05-08
FileHash-SHA1 6162a7d9dd5e78ff820723e580a8448f8afbad5f SHA1 of 416e22d6b85d6633d1da000058efb3cd597b8b7df5d77a6c3456464d65a775b3 2023-05-08
FileHash-SHA1 6d1064f8ac67cdd284df5abf4e05627d8a002310 SHA1 of 8b591b5488dab8adb485ea55197148d6b39715da562537c7d8b1a79cd3639510 2023-05-08
FileHash-SHA1 7571200a475d5d8f4855f776f0591245b617fd56 SHA1 of 74008170fc5de4d40bcc97b8e2c6fbdb01889805c6ca456fd08134881cad0d2c 2023-05-08
FileHash-SHA1 8a2465a501a92c876603a6d06d4d9e956ac40765 SHA1 of 9220752302e2bca0002ea701c772b2f2306831711b1c323157ef2573f176821a 2023-05-08
References (1)
↗ https://research.checkpoint.com/2023/eastern-asian-android-assault-fluhorse/