3 min read

What is FluBot and why you need to start taking it seriously right now

Radu CRAHMALIUC

December 03, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
What is FluBot and why you need to start taking it seriously right now

Finnish officials from The National Cyber Security Centre (NCSC-FI) posted a “severe malware blizzard” alert last week, warning local Android users of a Trojan dubbed FluBot that’s spreading aggressively through SMS, stealing online banking information, and threatening to snowball out of control. First spotted over the summer, when it flooded thousands of victims with fake “failed parcel delivery” messages, FluBot was thought to be extinct by the end of August. However, it made a surprising come-back in the fall, rebranded as a fake voice mail notification.

Although Android Trojans are nothing new, and mobile threats are increasing by the minute, FluBot is a particularly worrying example of “new malware” because of its capacity to adapt.

Why is FluBot so dangerous?

It’s spreading exponentially. FluBot performs both as a banker and as spyware. That means that, once installed on your Android device, it will steal your credit and debit card information, raid any crypto stock you may have, and inflict significant financial loss. But it will also copy your contact list and automatically send infected links, via SMS, to all the numbers saved in your phone. That’s the main reason why, even though things might seem under control from time to time, a new outbreak is always brewing.

It’s constantly adapting. FluBot is spreading exclusively through links received via text message. When the victim clicks the link, they’re immediately directed to a phishing page that seems like the real deal but tricks them into downloading the malware and granting it permission. Although the method is always the same, the story changes periodically, and it’s harder and harder to spot. For example, in the beginning users were scammed to believe the message comes from a delivery company addressing a problem with a parcel delivery. “A deliveryman tried to contact you but there was no answer. Click here to reprogram your delivery.” However, after a while, the text messages changed, and users were informed somebody is trying to share pictures with them. “Your friend shared a photo. Click the link to see it.” When this method started flopping, the attackers began sending messages that ironically warned users their phones are infected with the FluBotvirus and they need to take immediate action. Finally, more recently, all the infected links have been made to look like voice mail notifications.“You have 1 new Voicemail(s). Go to link!”

It’s not geographically contained. Finnish authorities intercepted millions of infected messages sent in just a few days. However, before Finland, FluBot targeted English-speaking Android users in Australia and New Zealand. Before that, the malware was detected in the UK, Germany, France, Poland and Hungary. Digging even deeper, we find out FluBot, or Cabassous, as it was known at the time, was first spotted in the wild in Spain, in December 2020. So how can the same malware adapt so quickly and move between different countries? The answer is simple but very disturbing: its initial makers are probably selling it as a service to criminal groups in other countries, the same way ransomware attacks and phishing campaigns are regularly auctioned on the Dark Web.

What can you do to stay safe?

  • Back up all your data periodically. If you have reason to believe your Android phone is infected, factory-reset your device, but be very careful because this will also erase all your unsaved personal data. Restore your device using a backup made before you were infected and change all your passwords.
  • Treat all mobile links with extreme caution
  • Watch out for suspicious text messages
  • Fight the urge to click on links you receive via SMS, even if the message seems to come from a reliable source
  • Track your deliveries independently
  • Don’t log in to pages through links you receive in messages
  • Don’t install apps or updates through suspicious links
  • Don’t rush into any action, even if the message seems urgent

Because accidents can happen even to the wary, it’s always good to have a safety net. Bitdefender Mobile Security for Android protects your personal data, including your financial information, gives you instant alerts whenever an incident is prevented, warns you of webpages that contain malware, phishing or fraudulent content and flags malicious links arriving via SMS, messaging apps and pretty much any type of notification.

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fake Elon Musk million-dollar Christmas donations are crowding users’ inboxes in the US and Germany Fake Elon Musk million-dollar Christmas donations are crowding users’ inboxes in the US and Germany
Alina BÎZGĂ

December 22, 2022

3 min read
Fake E.ON refund emails are making rounds in the UK ahead of Christmas, Bitdefender Antispam Lab warns Fake E.ON refund emails are making rounds in the UK ahead of Christmas, Bitdefender Antispam Lab warns
Alina BÎZGĂ

December 21, 2022

2 min read
FIFA World Cup 2022: Scammers phish for personal data and Microsoft login credentials, Bitdefender Antispam Lab warns FIFA World Cup 2022: Scammers phish for personal data and Microsoft login credentials, Bitdefender Antispam Lab warns
Alina BÎZGĂ

November 23, 2022

3 min read