Android spyware initially targeted Spain, has moved into Europe
Note: We are reader supported and may earn a small commission when you click on links in posts
FluBot malware is infecting Android mobile devices across Europe. The Android malware tricks victims with fake delivery service notifications sent via SMS text messages. If the victim is fooled by the notification and clicks on a malicious link in the text message, spyware is installed on their Android device.
FluBot malware is capable of stealing payment card numbers and bank account information stored in other apps on compromised phones. It can function as spyware and can read all of your private messages including accessing videos and photos.
“Proofpoint has seen German and English-language SMS messages being sent to U.S. users from Europe, which may be the result of the malware sending to everyone on the infected devices’ contact lists,” say cyber security researchers at Proofpoint.
The Android malware was first detected in May 2020. It quieted down for a while, but malicious activity attributed to this malware has increased.
How FluBot Infects Your Phone
FluBot uses SMS Phishing messages to lure targets into clicking on a link. The text message informs the recipient that they have a package arriving from a delivery service – FedEx, DHL, etc. If the target is fooled by the message and clicks on the tracking link for a non-existent package, they are prompted to download an app. The app is harmful but looks legitimate as it spoofs various delivery services using their branding to trick the user.
Upon installation the app requests full access to the infected device including Android Accessibility Service and Notification access.
If access is granted by the device user, the malware can steal credit card numbers of banking logins and any other information stored on the phone or in other apps.
The Android malware also hijacks the infected phone to send more SMS phishing messages to people on the infected device’s contact list.
The Android malware can intercept SMS text messages as well as USSD message. it can also open an infected device’s web browser, uninstall other apps, and even work is a command and control (C2) server.
“Proofpoint estimates that there are about 7,000 currently infected devices spreading the English-language campaign through the UK, but the volume of malicious SMS messages can number in the tens of thousands per hour and some mobile subscribers have received up to six SMS messages with the FluBot link,” says Proofpoint
A device infected with FluBot can send more spam text message too.
FluBot has spread to Android phones in Spain, United Kingdom, Germany, Hungary, Italy, and Poland. So far, the Android malware is not targeting phones of the United States, but it certainly could make the leap across the pond. FluBot initially targets Anderson Spain but then began to incorporate UK messages as well as German-language messages attacks.
How to Stop Android Malware
FluBot malware can steal your payment card number and bank account credentials. The information is sent back to the hackers who then steal all of your money.
It acts as spyware and steal any information stored on your phone or in other apps.
“As long as there are users willing to trust an unexpected SMS message and follow the threat actors’ provided instructions and prompts, campaigns such as these will be successful,” Proofpoint reminds device users.
- Never click on the link in a text message or email that you were not expecting
- Don’t click on links in messages even if it’s from a retailer that you recognize, but you have not subscribed to their messaging service
- Use an antivirus app on your phone to protect it from harmful SMS phishing messages and scam emails
- Use a reliable antivirus app on your computers, tablets, and laptops to protect them from malware and scam emails
- Never install an app outside of an official app store or the app creator’s official website. Scrutinize all the permissions that an app is asking for upon installation. If an app prompts you for invasive permissions with too much access, don’t install the app. Delete it. For example, if a keyboard app asks permission to access all of your photos or contact list, it may be a scam.