Date: 2021-05-26

Flubot has had a devastating impact on Android users in several European countries over the last few months. The latest banker Trojan spreads via SMS messages that appear to be from well-known shipping companies (FedEx, DHL, etc.) to trick users into clicking to download the malicious app onto their mobile device, ostensibly to track a package delivery. Once downloaded, Flubot completely takes over the phone, hiding itself from antivirus detection and removal, gathering and exfiltrating personal banking data, and propagating itself further by sending the SMS on to the phone’s contacts. The cybercriminals behind the attack use stolen banking and browsing history data to identify which ecommerce sites or banking/payment apps the phone’s owner habitually uses, so that the next time the owner tries to log in to their account, the Flubot command & control server reroutes them to a targeted overlay that looks identical and steals their login credentials.