Zimperium Discovers Novel Predatory Loan Malware In Flutter Apps

Zimperium has revealed details of a newly discovered Android malware campaign hidden in money lending apps developed with Flutter, a software development kit used to create applications that work across multiple platforms, including Android and iOS.

The team at Zimperium zLabs has unearthed MoneyMonger, a threat that uses personal data taken from a device to extort victims into paying more than the usurious loans require.

The malicious code is a part of the predatory loan malware scheme previously discovered by K7 Security Labs.

This recently identified malicious software has been operational since May 2022 and uses a variety of methods to manipulate its targets. It starts with a fraudulent loan offer that promises a fast payout.

When the person attempts to access the app, they are informed that certain authorizations need to be granted on their mobile device in order for them to qualify for the loan.

MoneyMonger takes advantage of Flutter’s framework to obfuscate malicious features and complicate the detection of malicious activity by static analysis.

Due to the nature of Flutter, the malicious code and activity now hide behind a framework outside the static analysis capabilities of legacy mobile security products.

The MoneyMonger malware is distributed solely through third-party app stores or is sideloaded onto the victim’s device through phishing messages, compromised websites, social media campaigns or other tactics. It has not been found in any official Android app stores.

Once on a user’s device, MoneyMonger sends a range of private information to its server, including the list of installed apps, GPS coordinates, text messages, the contact list, device specifications, and other data related to images.
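For defenders triaging sideloaded APKs, the two points above (Flutter hiding app logic from static analysis, and the data categories collected) can be combined into a quick check. The following is an added example, not Zimperium's tooling: it flags packages that carry the native libraries of a Flutter release build and also declare permissions covering the data listed above. The permission-to-data mapping, the review threshold and the helper names are assumptions, and the sample APK is constructed.

```python
import io
import zipfile

# Flutter release builds ship the engine and the AOT-compiled Dart code as native libraries.
FLUTTER_LIBS = {"libflutter.so", "libapp.so"}

# Assumed mapping from Android permissions to the data categories named in the article.
DATA_PERMISSIONS = {
    "android.permission.READ_SMS": "text messages",
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.ACCESS_FINE_LOCATION": "GPS coordinates",
    "android.permission.READ_EXTERNAL_STORAGE": "images",
    "android.permission.QUERY_ALL_PACKAGES": "installed apps",
}
REVIEW_THRESHOLD = 3  # assumption: this many data permissions in a Flutter app warrants review


def triage_apk(apk_bytes):
    """Report Flutter markers and data-access permissions found in an APK."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = apk.namelist()
        manifest = apk.read("AndroidManifest.xml") if "AndroidManifest.xml" in names else b""
    native_libs = {n.rsplit("/", 1)[-1] for n in names if n.startswith("lib/")}
    is_flutter = FLUTTER_LIBS <= native_libs
    # The compiled manifest keeps strings in a UTF-8 or UTF-16LE pool, so search both forms.
    perms = sorted(p for p in DATA_PERMISSIONS
                   if p.encode("utf-8") in manifest or p.encode("utf-16-le") in manifest)
    return {
        "flutter": is_flutter,
        "permissions": perms,
        "data_at_risk": [DATA_PERMISSIONS[p] for p in perms],
        # Dart logic sits in libapp.so, out of reach of DEX-only scanners: route to dynamic analysis.
        "needs_dynamic_review": is_flutter and len(perms) >= REVIEW_THRESHOLD,
    }


def build_sample_apk(lib_names, permissions):
    """Constructed test input: a zip shaped like an APK, not a real app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        pool = "\x00".join(permissions).encode("utf-16-le")
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + pool)
        for name in lib_names:
            z.writestr("lib/arm64-v8a/" + name, b"\x7fELF")
        z.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_apk(["libflutter.so", "libapp.so"], list(DATA_PERMISSIONS))
    print(triage_apk(sample))
```

A positive result only means the app's behaviour cannot be judged from its DEX code alone; many legitimate apps are built with Flutter.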

This stolen information is used to blackmail and threaten victims into paying excessively high interest rates. If the victim fails to pay on time, and in some cases even after the loan is repaid, the malicious actors threaten to reveal information, call people from the contact list, and even send photos from the device.

MoneyMonger is a risk to individuals and enterprises because it collects a wide range of data from the victim’s device,…