PULSE NAME
EASTERN ASIAN ANDROID ASSAULT – FLUHORSE
WHITE Superpro 2023-05-08 Modified: 2023-05-08
40 IOCs (MEDIUM VOLUME)
A new malware called FluHorse has been discovered, which targets different sectors of Eastern Asian markets through malicious Android applications that mimic legitimate ones. These apps have already been downloaded more than a million times and can steal victims' credentials and 2FA codes. The malware is distributed via emails, and in some cases, the emails used in the first stage of the attacks belong to high-profile entities. FluHorse is a persistent and dangerous threat that can remain undetected for months.
Indicators of Compromise (3 / 40 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
URL | https://jp.yelove.xyz/addcontent2 | | 2023-05-08
URL | https://www.fetc-net.com | | 2023-05-08
URL | https://www.guardsquare.com/blog/current-state-and-future-of-reversing-flutter-apps | | 2023-05-08