Why FluBot is a major threat for Android users, how to avoid falling victim, and how to get rid of the malware if your device has already been compromised
By Tony Anscombe
Android malware known as FluBot is continuing to cause mayhem across some European countries, and there is speculation that the threat actors behind it may decide to target other geographies, including the United States. Here’s why you should be vigilant, how FluBot operates, and how you can remove this Android nasty from your device.
It’s also worth noting that this advice will help you stay safe from other Android malware strains.
In recent days, cybercriminals have begun to target Europeans with TeaBot (also known as Anatsa or Toddler), an Android malware family that uses exactly the same technique as FluBot to spread and to lure users into giving up their sensitive data. FluBot and TeaBot are detected by ESET products as variants of the Android/TrojanDropper.Agent family.
How FluBot operates
If a victim is lured by the attacker into the malicious campaign, their entire Android device becomes accessible to the scammer. This includes the potential to steal credit card numbers and access credentials to online banking accounts. To avoid removal, the attacker implements mechanisms that stop the built-in protection offered by the Android OS and prevent many third-party security software packages from being installed, a step many users would otherwise take to remove malicious software.
The victim first receives an SMS message that impersonates a popular delivery logistics brand, such as FedEx, DHL, and Correos (in Spain). The call to action of the message is for the user to click a link in order to download and install an app that has the same familiar branding as the SMS message but is actually malicious and has the FluBot malware embedded within it. An example of the SMS message (in German) and the subsequent prompt to install the app can be seen below:
[Image: Take action now – FluBot malware may be on its way | WeLiveSecurity]
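The lure described above pairs a delivery brand's name with a link that leads to an app download instead of the brand's own site. As an added example (not part of the original article), this Python heuristic flags SMS texts with that mismatch; the brand-to-domain allowlist, the function names, and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: official domains for the brands the article names; extend per region.
BRAND_DOMAINS = {
    "fedex": {"fedex.com"},
    "dhl": {"dhl.com", "dhl.de"},
    "correos": {"correos.es"},
}
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)


def _parse(url):
    """Return (hostname, path) for a URL that may lack a scheme."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower(), parsed.path.lower()


def _is_official(host, domains):
    # Exact match or a true subdomain; "dhl.de.evil.example" does not qualify.
    return any(host == d or host.endswith("." + d) for d in domains)


def assess_sms(text):
    """Return sorted reasons why an SMS resembles a delivery-brand app lure."""
    reasons = set()
    lowered = text.lower()
    for url in URL_RE.findall(text):
        host, path = _parse(url)
        if path.endswith(".apk"):
            reasons.add(f"link to {host} points directly at an APK file")
        for brand, domains in BRAND_DOMAINS.items():
            named = re.search(rf"\b{brand}\b", lowered) or brand in host
            if named and not _is_official(host, domains):
                reasons.add(f"{brand} branding but link host is {host}")
    return sorted(reasons)


# Constructed sample messages (not taken from real campaigns).
SAMPLES = [
    "DHL: Ihr Paket kommt an, verfolgen Sie es hier: http://dhl-sendung.example/p/?x1y2",
    "Your DHL parcel is on its way. Track it at https://www.dhl.de/tracking",
    "FedEx: install our app to schedule delivery fedex.track-pkg.example/app.apk",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(assess_sms(sms) or "no lure indicators", "<-", sms)
```

A message that passes this check is not thereby safe; the heuristic only covers the brand and link mismatch and the direct APK link that the article describes.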