3 min read

What is FluBot and why you need to start taking it seriously right now

Radu CRAHMALIUC

December 03, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
What is FluBot and why you need to start taking it seriously right now

Finnish officials from The National Cyber Security Centre (NCSC-FI) posted a “severe malware blizzard” alert last week, warning local Android users of a Trojan dubbed FluBot that’s spreading aggressively through SMS, stealing online banking information, and threatening to snowball out of control. First spotted over the summer, when it flooded thousands of victims with fake “failed parcel delivery” messages, FluBot was thought to be extinct by the end of August. However, it made a surprising come-back in the fall, rebranded as a fake voice mail notification.

Although Android Trojans are nothing new, and mobile threats are increasing by the minute, FluBot is a particularly worrying example of “new malware” because of its capacity to adapt.

Why is FluBot so dangerous?

It’s spreading exponentially. FluBot performs both as a banker and as spyware. That means that, once installed on your Android device, it will steal your credit and debit card information, raid any crypto stock you may have, and inflict significant financial loss. But it will also copy your contact list and automatically send infected links, via SMS, to all the numbers saved in your phone. That’s the main reason why, even though things might seem under control from time to time, a new outbreak is always brewing.

It’s constantly adapting. FluBot is spreading exclusively through links received via text message. When the victim clicks the link, they’re immediately directed to a phishing page that seems like the real deal but tricks them into downloading the malware and granting it permission. Although the method is always the same, the story changes periodically, and it’s harder and harder to spot. For example, in the beginning users were scammed to believe the message comes from a delivery company addressing a problem with a parcel delivery. “A deliveryman tried to contact you but there was no answer. Click here to reprogram your delivery.” However, after a while, the text messages changed, and users were informed somebody is trying to share pictures with them. “Your friend shared a photo. Click the link to see it.” When this method started flopping, the attackers began sending messages that ironically warned users their phones are infected with the FluBotvirus and they need to take immediate action. Finally, more recently, all the infected links have been made to look like voice mail notifications.“You have 1 new Voicemail(s). Go to link!”

It’s not geographically contained. Finnish authorities intercepted millions of infected messages sent in just a few days. However, before Finland, FluBot targeted English-speaking Android users in Australia and New Zealand. Before that, the malware was detected in the UK, Germany, France, Poland and Hungary. Digging even deeper, we find out FluBot, or Cabassous, as it was known at the time, was first spotted in the wild in Spain, in December 2020. So how can the same malware adapt so quickly and move between different countries? The answer is simple but very disturbing: its initial makers are probably selling it as a service to criminal groups in other countries, the same way ransomware attacks and phishing campaigns are regularly auctioned on the Dark Web.

What can you do to stay safe?

  • Back up all your data periodically. If you have reason to believe your Android phone is infected, factory-reset your device, but be very careful because this will also erase all your unsaved personal data. Restore your device using a backup made before you were infected and change all your passwords.
  • Treat all mobile links with extreme caution
  • Watch out for suspicious text messages
  • Fight the urge to click on links you receive via SMS, even if the message seems to come from a reliable source
  • Track your deliveries independently
  • Don’t log in to pages through links you receive in messages
  • Don’t install apps or updates through suspicious links
  • Don’t rush into any action, even if the message seems urgent

Because accidents can happen even to the wary, it’s always good to have a safety net. Bitdefender Mobile Security for Android protects your personal data, including your financial information, gives you instant alerts whenever an incident is prevented, warns you of webpages that contain malware, phishing or fraudulent content and flags malicious links arriving via SMS, messaging apps and pretty much any type of notification.

tags


Author



Right now

Top posts

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

December 21, 2021

2 min read
Online Shoppers Beware, Mobile Scams Are on the Rise

Online Shoppers Beware, Mobile Scams Are on the Rise

December 17, 2021

2 min read
The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Scam Alert: Tens of thousands of users targeted in pyramid scheme spam campaign Scam Alert: Tens of thousands of users targeted in pyramid scheme spam campaign
Alina BÎZGĂ

January 13, 2022

3 min read
Is Your QNAP NAS Secretly Mining Crypto? Is Your QNAP NAS Secretly Mining Crypto?
Radu CRAHMALIUC

December 09, 2021

2 min read
What is FluBot and why you need to start taking it seriously right now What is FluBot and why you need to start taking it seriously right now
Radu CRAHMALIUC

December 03, 2021

3 min read