Android Scam: FluBot Malware Uses New Attack to Steal Banking Data, 2 Ways to Avoid Trojan

The FluBot malware, which has already attacked millions of Android users, is getting an upgrade! Be warned that this banking trojan app steals user credentials and intercepts SMS messages on an infected device.

FluBot is Android malware infamous for its insidious nature. It impersonates legitimate apps or services and tricks users into downloading a malicious payload from the internet.

Once the malware is installed, a hacker can gain access to the infected device. This malware is primarily used for stealing banking credentials. However, it can also be used to steal messages, capture screenshots and serve other related purposes.

Android FluBot Malware: Scam Strategies

As reported previously, FluBot poses as security updates, voicemail memos and parcel delivery notices. More recently, FluBot scams have offered fake Adobe Flash Players.

Twitter user CSIRT KNF shared screenshot samples of this scam. Note that the text message and system functions are all in the Polish language.

According to BleepingComputer's translation, the SMS asked the recipient "if they intend to upload a video to their device." The SMS included a link to a fake Flash Player APK. Victims who click on the link will install a fake Flash Player app and the FluBot malware on their devices.

BleepingComputer said that FluBot is fully capable of the following functions:

  • Open URLs on demand
  • Get the victim's contact list
  • Uninstall existing apps
  • Disable Android Battery Optimization
  • Abuse Android Accessibility Service for screen grabbing and keylogging
  • Perform calls on demand
  • Disable Play Protect
  • Intercept and hide new SMS messages for stealing OTPs
  • Upload SMS with victim information to C2
  • Get a list of apps to load the corresponding overlay injects

More recently, an upgraded version of the malware lets hackers access a victim's DNS resolver, DGA seeds and SMS function.

Note that FluBot spreads itself via smishing (SMS phishing). It sends itself as a message to all the contacts saved on an infected device, resulting in widespread contamination.

2 Ways to Stay Safe Against FluBot Malware

BleepingComputer emphasized that there are two ways to stay safe from FluBot attacks. Experts pointed out that FluBot is distributed via phishing and download links, so Android users should be careful about scams related to downloads.

Users should be careful of unusual SMS messages that contain URL links. They should be especially suspicious if the message urges them to "click" or "download" the URL. Be warned that this message might come from any one of the victim's contacts, maybe even a friend or family member. To play it safe, Android users are advised to contact the sender and validate the message.

The second strategy is to watch out for internet downloads from unusual sources. Users are advised against APK downloads on the internet. Instead, they are advised to download from Google Play Store, which has a Play Protect system. Users are also advised to download only from reputable vendors or sources.
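A device-side check that follows from the points above (APKs installed from outside the Play Store, and abuse of the Android Accessibility Service), as an added example that is not part of the original article. It parses the text output of two standard adb commands; the package names, the sample output and the trusted-installer list are constructed assumptions.

```python
# Triage of sideloaded apps that hold an accessibility service.
# Input is the captured text output of two adb commands:
#   adb shell pm list packages -i -3
#   adb shell settings get secure enabled_accessibility_services
import re

# Assumption: only Google Play counts as a trusted installer here.
TRUSTED_INSTALLERS = {"com.android.vending"}
PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_installers(pm_output):
    """Map package name -> installer package (None when none is recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            pkg, inst = m.groups()
            installers[pkg] = None if inst == "null" else inst
    return installers

def parse_accessibility(setting_value):
    """Return the set of packages with an enabled accessibility service."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    # Entries are colon-separated components: package/service.class
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}

def audit(pm_output, setting_value):
    """List apps not installed by a trusted store as
    (package, installer, has_accessibility), accessibility holders first."""
    a11y = parse_accessibility(setting_value)
    findings = []
    for pkg, inst in sorted(parse_installers(pm_output).items()):
        if inst in TRUSTED_INSTALLERS:
            continue
        findings.append((pkg, inst, pkg in a11y))
    return sorted(findings, key=lambda f: not f[2])

# Constructed sample output (package names are made up for illustration).
SAMPLE_PM = """\
package:com.example.notes  installer=com.android.vending
package:com.example.flashplayer  installer=null
package:com.example.game  installer=com.google.android.packageinstaller
"""
SAMPLE_A11Y = "com.example.flashplayer/com.example.flashplayer.Svc\n"

if __name__ == "__main__":
    print(audit(SAMPLE_PM, SAMPLE_A11Y))
```

A sideloaded app that also holds an accessibility service is not proof of infection, but it is the first entry to review and, if unrecognized, to uninstall.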

© 2024 iTech Post All rights reserved. Do not reproduce without permission.