The creators of FluBot have launched a new campaign that uses fake Android security update warnings to trick potential victims into installing the malware on their Android smartphones.
In a new blog post, New Zealand's computer emergency response team, CERT NZ, has warned users that the message on the malware's new installation page is actually a trap designed to instill a sense of urgency that tricks users into installing FluBot on their own devices.
The new FluBot installation page, which users reach after receiving fake messages about pending or missed package deliveries or even stolen photos uploaded online, tells them that their devices are infected with FluBot, a form of Android spyware used to steal financial login and password details from their devices. According to the page, they can remove FluBot from their Android smartphone by installing a new security update.
The new page also goes one step further by instructing users to enable the installation of apps from unknown sources on their devices. Doing so allows the cybercriminals' fake security update to be installed, and while a user may think they have taken action to protect against FluBot, they have actually installed the malware on their phone themselves.
FluBot's Changing Tactics
Until now, FluBot was spread to Android smartphones through spam text messages sent using contacts stolen from devices that were already infected with the malware. These messages would instruct potential victims to install applications on their devices in the form of APKs that were delivered by attacker-controlled servers.
Once FluBot has been installed on a device, the malware often tries to trick victims into giving it extra permissions as well as granting access to the Android Accessibility service, which permits it to run in the background and carry out other malicious tasks.
Overall, FluBot is capable of stealing a user's payment and banking information by using overlay attacks, in which an overlay is placed on top of legitimate banking, payment, and cryptocurrency apps. As mentioned above, the malware also steals a user's contacts to send them phishing messages that help spread FluBot even further.
While FluBot was mostly used to target users in Spain at its inception, its operators have since extended the campaign in recent months to target additional countries in Europe, including Germany, Hungary, the UK, Switzerland and Poland, as well as Australia and Japan.