Connect with Us!
Subscribe to receive new blog post from PureID in your mail box
FluBot is a banking malware that is specifically attacking Android phones and stealing bank details and passwords from your device. Like Covid-19, this malware has spread across a wide range of English speaking countries rapidly causing some irreparable damage.
FluBot uses “smishing” - phishing using SMS and text messages. These attacks have seen a huge rise in the recent past.
Originated in Spain, then spread to Germany, Hungary, Italy, Poland and UK, the malware is believed to have made over 7,000 victims in the UK alone, where the campaign operators were using more than 700 unique domains for the distribution of FluBot.
Proofpoint says that U.S. users have already started receiving German and English-language phishing SMS messages, suggesting that the threat actor is getting ready to expand to this country. The pattern is similar to how the attacks started in the UK, where users first received German messages and then English ones.
Smishing
Here, an SMS with a malicious link is sent to the user disguising as famous delivery service organisations such as DHL & FedEx, on an hourly basis.
The malware requires user interaction to get access to the Android device.
On clicking the link you’re redirected to a fake website, where you have to download an APK.
Permission Acquisition
During the installation of this fake app, a misleading prompt appears asking for full access to SMS and networking, address book including device management.
The Attack
The malware after acquiring complete permissions carries out the malicious activity which includes and is not limited to
The National Cyber Security Centre (NCSC) warns users about this malware and its methodology, where you are obligated to download a tracking app because of a missed package. It recommends Android users to practice following precautions
As long as systems are using passwords, adversaries will find various ways and tools to steal them. We highly recommend that enterprises adopt passwordless authentication for critical services.
References:
https://www.ncsc.gov.uk/guidance/flubot-guidance-for-text-message-scam
https://blog.f-secure.com/flubot-android-malware/
https://www.91mobiles.com/hub/flubot-malware-android-phone-steals-netbanking-passwords/
Subscribe to receive new blog post from PureID in your mail box