SYDNEY, December 16. Zimperium, the only mobile security platform purpose-built for enterprise environments, today revealed details of a newly discovered Android malware campaign hidden in money lending apps developed with Flutter, a software development kit used to create applications that work across multiple platforms, including Android and iOS.
The Zimperium zLabs team discovered this threat, dubbed MoneyMonger, which uses personal information stolen from a device to blackmail victims into paying more than the terms that their predatory loans required. This code is part of a larger predatory loan malware campaign previously discovered by K7 Security Labs.
MoneyMonger takes advantage of Flutter’s framework to obfuscate malicious features and complicate the detection of malicious activity by static analysis. Due to the nature of Flutter, the malicious code and activity now hide behind a framework outside the static analysis capabilities of legacy mobile security products.
The MoneyMonger malware is distributed solely through third-party app stores or is sideloaded onto the victim’s device through phishing messages, compromised websites, social media campaigns or other tactics. It has not been found in any Android app stores.
Active since May 2022, this novel malware uses multiple layers of social engineering to take advantage of its victims, beginning with a predatory loan scheme promising quick money. In the process of setting up the app, the victim is told that permissions are needed on the mobile endpoint to ensure they are in good standing to receive the loan. Once the malicious actors gain access to steal private information from the endpoint, MoneyMonger uploads victims’ critical and personal data to its server, including installed apps, GPS locations, SMS