FluBot, infamous malware that collects all kinds of data on Android phones, is making a comeback. This time, Android users in Europe will receive a text message asking them to download a Flash Player application. In reality, it is up to a rogue app that collects as much personal information from victims as possible.
That’s what a member of MalwareHunterTeam tells BleepingComputer.
Tens of thousands of Dutch people became victims of FluBot
Last May we were introduced to FluBot for the first time in the Netherlands. Unsuspecting victims received a text message saying a package was on its way for them. To see when the package would be delivered, all they had to do was download an app. In reality, they installed a malicious application that stole personal data. The app also changed bank account numbers and amounts of money if a victim tried to transfer money.
In the summer, a new variant of FluBot went around. Instead of a package, there was a voicemail ready for victims. It did exactly the same as its predecessor, collecting financial information, changing transaction amounts and spreading itself further by sending text messages to all contacts that the person in question had stored on his phone.
Tens of thousands of Dutch people fell for it with their eyes open and installed FluBot on their mobile phones. There were also victims in countries around us, including Belgium.
FluBot is getting more cunning
Now another variant of FluBot is circulating in Europe. This time, the malware does not disguise itself as an app to track packages or listen to a voicemail, but as a Flash Player. In a text message, users are asked if they want to upload a video from their smartphone. All they need to do is download the Flash Player app.
Anyone who taps the URL in the message will be redirected to a page where the rogue app can be downloaded. Once downloaded, the APK installs the FluBot malware. The latest version, which is only a few days old, can play all kinds of tricks. For example, it is possible to open URLs on command, remove installed apps from your smartphone (such as antivirus applications), make automatic phone calls, disable Google Play Protect and collect passwords through keylogging.
Like its predecessors, the new FluBot variant also collects personal data from victims. These are forwarded to a Command & Control server abroad. In short, FluBot gets more cunning with each iteration and causes more misery than ever. According to MalwareHunterTeam, victims have already been reported across Europe.
This is how you prevent your smartphone from becoming infected with FluBot
In order not to become the next victim of FluBot, it is good to stick to a number of ‘rules’. For starters, never click a link in a text message if you don’t know the sender. Downloading applications outside the Play Store – also called sideloading – sounds tempting, but is unwise. The chances of installing a Potentially Harmful Application (PHA) from Google’s app store are very slim. In addition, Google has taken all kinds of security measures to minimize the risk of contamination, such as Google Play Protect.
Have you accidentally installed FluBot on your smartphone? Then there is only one way to get rid of it permanently: go back to the factory settings. Then the malware is flushed from your device and you start again with a clean slate.
As a precaution, it is also wise to change your passwords, in case they have been collected and forwarded to the administrator of the Command & Control server. A password manager can help with that. VPNGids.nl has tested and reviewed the best password managers for 2022.
Catch up on more articles here
Follow us on Twitter here