"Blackmailing MoneyMonger Malware Hides in Flutter Mobile Apps"

MoneyMonger, an Android malware campaign, was discovered hidden in money-lending apps created with Flutter. According to research conducted by the Zimperium zLabs team, the malware leverages multiple levels of social engineering to exploit its victims and enables bad actors to steal private data from personal devices and use it to blackmail individuals. Zimperium experts say the MoneyMonger malware, spread through third-party app stores and sideloaded onto victims' Android devices, was designed to target those who need quick cash. It employs different levels of social engineering to exploit its victims, beginning with a predatory loan scheme and the promise of rapid cash for those who follow a few basic instructions.

During the installation process, the victim is informed that certain permissions are required on the mobile device to verify their eligibility for a loan. These permissions are then used to capture and exfiltrate information, including the contact list, GPS location data, a list of installed applications, sound recordings, call logs, SMS lists, and storage and file lists. It also acquires access to cameras. This stolen information could be used to blackmail and intimidate people into paying high interest rates. If the victim fails to pay on time, and in some situations even after the loan has been repaid, the malicious actors threaten to disclose information, call individuals from the contact list, and transfer images from the device.

One of the novel characteristics of this malware is its use of the Flutter Software Development Kit (SDK) to hide malicious code. While the open-source User Interface (UI) software kit Flutter has been a game-changer for application developers, bad actors have leveraged its capabilities and structure to launch apps with severe security and privacy risks to victims. MoneyMonger takes advantage of Flutter's framework to hide features and make the detection of malicious behavior via static analysis difficult.

According to Richard Melick, director of mobile threat intelligence at Zimperium, consumers who use money lending apps are most at risk, but due to the nature of this threat and the manner in which attackers steal sensitive information for blackmail, they also put their employers or other organizations at risk. This article continues to discuss findings regarding the MoneyMonger Android malware campaign, the resurgence of banking Trojans, and the expected rise in blackmail threats in 2023. 

Dark Reading reports "Blackmailing MoneyMonger Malware Hides in Flutter Mobile Apps"
