Using malicious apps that look like legitimate money-lending services, threat actors have been able to trick potentially thousands of victims. The attackers behind the campaign are using the Flutter framework. MoneyMonger “takes advantage of Flutter’s framework to obfuscate malicious features and complicate the detection of malicious activity by static analysis,” Zimperium points out. “Due to the nature of Flutter, the malicious code and activity now hide behind a framework outside the static analysis capabilities of legacy mobile security products.”

It is worth noting that the loan apps the group is using are not available on the Google Play Store. In other words, users who only download apps from Android’s official marketplace are safe. However, millions of users get apps from other app stores or by sideloading them from social media. So much so that the trick apps have been downloaded more than 100,000 times.

Once the malicious app is installed on an Android device, it asks the user to grant permissions. This is normal for apps, so the victim may not see any issue with agreeing to access. To add an extra incentive, the app says providing permissions will guarantee access to a loan.
Scam
Once the permissions are granted, the app collects data on contacts, text messages, locations, photos, files, audio recordings, and call logs. The attackers then use this data to blackmail users into paying extremely high interest rates on their loans. Oh yes, that’s the interesting part: these really are loan apps and not just pretending to be. The kicker is that they use malicious tactics to blackmail “customers”. Not agreeing to the payment plan or missing a payment comes with a threat that personal information, including photos, will be revealed.