Blackmailers are using Flutter’s framework in a newly-discovered Android malware campaign. The attacker then leverages that personal information to blackmail victims into paying more than the terms that their predatory loans required. MoneyMonger takes advantage of Flutter’s framework to “obfuscate malicious features and complicate the detection of malicious activity by static analysis,” the company said.
The MoneyMonger malware is distributed through third-party app stores — although it has not been found in any Android app stores, the company stated — or is sideloaded onto the victim’s device through a phishing message, compromised website or social media campaigns, https://www.zimperium.com/blog/moneymonger-predatory-loan-scam-campaigns-move-to-flutter/. The code found is part of a larger predatory loan malware campaign previously discovered by https://labs.k7computing.com/ and has been active since May 2022.