Why FluBot is a major threat to Android users, how to avoid it, and how to get rid of malware if your device is already infected.
The Android malware known as FluBot continues to wreak havoc in some European countries, and there is speculation that the cybercriminals behind it may decide to strike in other geographical areas, such as the United States.
The FluBot malware targets mainly Android and iPhone users and was first discovered in Spain in late December 2020 by cybersecurity company ESET. Apart from Spain, it has spread to Germany, Poland, Italy and the Netherlands to date, and it is very likely that the cybercriminals behind it will decide to target other countries, including Greece.
From the end of December 2020 to the end of February 2021, FluBot's main target was clearly Spanish Android users. By the end of February, according to estimates, as many as 60,000 Android devices in Spain had fallen victim to FluBot. In addition, more than 11 million phone numbers, almost all belonging to residents of Spain, had fallen into the hands of FluBot's operators.
Here's why you need to be careful
If someone falls victim to the attack, the cybercriminal gains access to the victim's device. This means that the cybercriminal will be able to steal credit card numbers and gain access to the victim's online bank accounts.
How it deceives its victims
The victim first receives an SMS message that appears to have been sent by a well-known logistics company, such as FedEx, DHL and, in the case of Spain, Correos.
The message prompts the user to click on a link to download and install an application that appears to belong to the same company as the one that sent the SMS.
It's actually a malicious application that has the FluBot malware built into it. A sample of the SMS message and the application installation message (in German) can be seen below:
Once installed and granted the permissions it requests, FluBot enables a host of features, including SMS spamming, credit card number theft, and spyware.
The contact list is then sent to servers under the control of fraudsters, providing them with additional personal information and allowing them to launch new attacks on other potential victims.
Cybercriminals can intercept SMS messages and notifications from telecom companies, open browser pages and, by using screen overlay techniques, request and extract credentials.
The malicious application also disables Google Play Protect to prevent detection by the operating system's built-in security. Also, due to the permissions granted, cybercriminals are able to block the installation of third-party anti-malware solutions.
What you can do
If you receive an unknown or unexpected SMS with a link, avoid clicking on the link and delete the message immediately.
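The lure pattern described above (a courier brand name plus a link that leads to an app install) can be checked mechanically, for example when triaging messages that users report. This is an added example, not code from ESET or from the original article; the domain allow-list, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Courier brands named in the article. The domain allow-list is an assumption
# made for this example; maintain your own list in practice.
BRAND_DOMAINS = {
    "fedex": {"fedex.com"},
    "dhl": {"dhl.com", "dhl.de"},
    "correos": {"correos.es"},
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def is_brand_host(host, domains):
    """True if host is one of the allowed domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def triage_sms(text):
    """Return the reasons a message matches the courier-lure pattern."""
    reasons = []
    lowered = text.lower()
    brands = [b for b in BRAND_DOMAINS if re.search(rf"\b{b}\b", lowered)]
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)")  # drop trailing sentence punctuation
        try:
            parts = urlsplit(url)
        except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
            reasons.append(f"unparseable link: {url}")
            continue
        host = parts.hostname or ""
        for brand in brands:
            if not is_brand_host(host, BRAND_DOMAINS[brand]):
                reasons.append(f"mentions {brand} but links to {host}")
        if parts.path.lower().endswith(".apk"):
            reasons.append(f"links directly to an APK on {host}")
    return reasons


# Constructed sample messages (not real FluBot lures); .example is a reserved TLD.
SAMPLES = [
    "DHL: Your parcel is arriving, track it here: http://dhl-track.example/app.apk",
    "FedEx: delivery update https://www.fedex.com/fedextrack/?trknbr=0000",
    "Correos: paquete pendiente. Instale la app: https://pkg.example/c/?id=7",
    "Lunch at 1pm? Menu: https://cafe.example/menu",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage_sms(sms) or ["no lure indicators"], "<-", sms)
```

An empty result only means the message does not match this one pattern; it is not a verdict that the link is safe.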
If the malware has been installed on a device and a banking transaction or other activity has taken place since the installation, contact the organizations concerned immediately and block access. Also, where necessary, change your passwords, and remember to use unique and strong passwords.
It is also worth noting that these tips will help you protect yourself from other strains of Android malware.
In recent days, cybercriminals have begun targeting Europeans with TeaBot (also known as Anatsa or Toddler). This is a family of Android malware that uses exactly the same technique as FluBot to spread and entice users to disclose their sensitive data.
FluBot and TeaBot are detected by ESET products as variants of the Android/TrojanDropper.Agent family.