There has recently been a newly identified banking malware that wreaks havoc in Android mobile phones. Its presence is becoming increasingly threatening because it spreads fairly easily. This malicious software uses many of the same features and modes of operation that older malware families have used, but has brewed up quite a storm and has infected thousands of devices in just a few months.
If you’re an Android user, you need to know about FluBot. The scam first appeared in late 2020 and is now spreading like wildfire through Android devices, using SMS messages to trick users into downloading malware. Let’s break down what happens when your device comes down with a case of the FluBot
Android OS has just over 70% market share in the global smartphone operating system market. For cybercriminals, it’s an irresistibly large pool of prospective targets. That’s why Android has been an evergreen target for hackers — if even a small number of their attacks succeed, the rewards can be enormous.
One of the newer threats in town is FluBot malware. It was initially discovered as affecting Android users’ devices in Spain in December 2020 before spreading to other European countries in early 2021. It has since infected devices in Australia and New Zealand and continues spreading rapidly to others as well.
What Is FluBot Malware and How Does It Spread?
FluBot is a sophisticated type of malware targeting Android users through fraudulent messages or notifications. They alert the individual that they have a new voicemail or missed a call from an unknown number.
The message may appear as “You have 1 new Voicemail(s). Go to [link].” It contains a fake link that takes people to a website that looks convincing enough, and it instructs the users to read or listen to what they’ve missed. Afterwards, it installs malware into the device.
The malware will ask the user to grant permissions to the app. When the person agrees, it gets down to business and starts attacking various apps. FluBot attacks Android users’ mobile banking apps. However, it may even adapt and begin setting its sights on cryptocurrency-related applications. These issues can spell major trouble for organisations.
FluBot attempts to access users’ contact lists, personal information, credit card details, browser pages, and other sorts of information. It spreads across random mobile numbers and other devices’ contact lists, creating new links and prevents users from blocking it completely. Even iPhone users can receive the messages, but the malware seems to only work on Android phones.
FluBot spreads so fast because it uploads contact numbers to a command and control (C&C) server, then it sends messages to each of those numbers. It also adds the numbers to the device’s blacklist and disables the operating system’s built-in security, allowing it to cause chaos undetected.
How to Tell If Your Device Is Infected
Often, there is no quick way to tell if FluBot malware has infected your device and is accessing your data. You also will not see if it’s sending messages to your contacts. However, you may notice a new “voicemail” app with a blue cassette in a yellow envelope that cannot be uninstalled. You may also receive complaints from people on your contact list claiming you’ve sent them spam messages.
How to Remove FluBot
Although it actively protects itself from deletion, you can manually remove FluBot from your device by using Android’s safe boot. Hold down the power button and restart your phone, confirming that you wish to reboot the device in safe mode. In the system settings, look for the malware app and uninstall it.
There are also some recently developed tools online that help remove FluBot from your device. However, it’s also best to protect your organisation against cyberattacks by working with a brand protection company you can trust.
Enlist the Help of a Digital Brand Protection Company
FluBot is steadily evolving and is rapidly becoming a threat to individuals and organisations alike. This malware is a relatively young one, and its threats will likely continue to grow for a while until security measures keep up with its advancements. However, learning how to protect yourself is one of the best ways to halt its spread.
If you want to protect your organisation fully, it’s best to seek malware protection from an experienced cyber security company. FraudWatch offers innovative and up-to-date intelligence and security solutions to client companies worldwide. Contact us to learn more!