Dozens of Dutch people have become victims of FluBot. They received a text message from a so-called parcel deliverer, containing a malicious link. Instead of tracing the package, unsuspecting victims installed spyware that collected various financial and other data.
In May of this year, FluBot showed itself for the first time in the Netherlands. At the time, a text message was circulating among Android users that a package was on its way for them. This message was supposedly from DHL, UPS or another courier service. To track the package, an application had to be downloaded and installed.
That’s when all the trouble started. The app could not be opened and did not respond to finger touches in any way. In the background, the app stole personal data and checked whether you had apps for cryptocurrency or crypto wallets on your smartphone. In addition, the malware changed bank account numbers and amounts when you transfer money using a banking app. Victims often only found out about this after the transaction had been completed.
Because FluBot collected mobile phone numbers of contacts, it was able to spread very quickly. No wonder that six months ago tens of thousands of Dutch people were the victims of FluBot. The malware, which has the characteristics of a Trojan horse, also made victims in Belgium and other European countries.
According to a press statement from the police, the danger of FluBot has not yet passed. Cybercriminals still try to scam people by spreading fake messages with malicious links. As a result, there have been more casualties.
“Suddenly received a message that a package is on its way to you? To track the mail item, you will be prompted to click on a tracking link. Be careful with this. This is the moment when malicious people try to make their move. They give you the idea that you can indeed track the package via track-and-trace, but what actually happens is that you are sent to a fake app via that link in the text. With all the bad consequences that entail,” said the police.
The police emphasize that the current fraud attempt resembles that of the end of May. At the moment, dozens of new victims have already come forward to report. Police expect the number of victims to continue to rise.
FluBot only works on Android phones, because Google’s operating system allows sideloading. This means that users can install apps outside the Google Play Store on their smartphones. Apple doesn’t allow this. For that reason, FluBot can’t nest on iPhones.
The police give all kinds of advice to ensure that FluBot cannot install on your phone. First of all, don’t click on a link in a text message that supposedly allows you to track your package. If you need an app to track a package, download it from the Play Store and not via text message.
Did you accidentally activate the malicious link? Please contact your provider or telephone provider to prevent further damage. Do you have financial damage? Report this to your bank and always report it to the police. Finally, warn your family, friends, colleagues and other people around you. “That way you help prevent more people from becoming victims,” said the police.
Last summer, a new variant of the FluBot malware circulated. Instead of a package, a voicemail was available for victims. It did the exact same thing as its predecessor, collecting financial information, changing transaction amounts and distributing itself.
The only way to get rid of FluBot if it’s on your smartphone is to do a factory reset. You will then delete all apps, data and data from your mobile phone. Once you have backed up your files, you can easily restore this data. Going back to factory settings works slightly differently on every Android smartphone. For Samsung phones, go to Settings > General management > Reset > Factory reset .
The Belgian Institute for Postal Services and Telecommunications (BIPT) advises Android users to change passwords of online services and applications. Especially if these are stored on your smartphone. If you use the same password for multiple services, it would be a good idea to change it as well.
Catch up on more articles here
Follow us on Twitter here