New campaigns distribute malicious software in the form of Flash Player. In other words, FluBot malware continues to spread and evolve.
What is Flubot?
Flubot is a form of Android malware that steals online banking credentials, takes screenshots, sends and intercepts text messages, and recovers one-time passwords.
To introduce a smartphone, the malware deceives users through an SMS phishing technique (smishing). In order to go unnoticed, he claims that their smartphone is already infected by itself (Flubot) and that they must download a security update to protect their data.
An evolving malware
According to a review from MalwareHunterTeam returned to BleepingComputer, FluBot’s new campaigns are delivered using text messages asking the recipient to upload a video from their device. The message contains a link that redirects the user to a fake Flash Player update. Difficult then not to click on the link, which presents this update as essential for downloading videos in the form of an APK (Android Package). CSIRT KNF shared a sample SMS from this campaign on Twitter.
A chain hack
The software does not stop at the infection of a device and the theft of banking data. Indeed, like a chain of infection, it uses infected smartphones to spread.
Indeed, this malware offers cybercriminals the possibility of contacting their future victims from the hacked smartphone, without the user’s authorization. Specifically, the software uses the victim’s device to send new smishing messages to all their contacts. The new version of this malware even allows it to send even longer text messages. A way for hackers to trick recipients even more easily.
How to react ?
Once a victim of Flubot, it is imperative to inform his contacts of the infection, to contact his bank to report malicious activity and to restore his smartphone to factory settings. Note that, as long as the user does not click on the link, the infection does not trigger.
Finally, a few tips. First, never download an Android app from an untrusted source. Likewise, it is essential to download Adobe applications only from trusted sites. Note, however, that FluBot cannot infect Apple devices and is limited to Android smartphones… And that the Flash Player plug-in no longer exists since January 2021.
–
:quality(80)/cdn-kiosk-api.telegraaf.nl/f4317142-7487-11ec-b71d-02d1dbdc35d1.jpg?resize=150%2C150&ssl=1)