In the last few weeks, an extremely sophisticated virus has been emptying the accounts of some unsuspecting users. It’s called Flubot, although you’ve popularly heard of it as the FedEx SMS scam. We are possibly facing one of the most complex and advanced viruses that we have seen in recent times, especially due to the way in which it has evolved to become more sophisticated. It started innocently, but now it sends you the SMS on your behalf, which makes it easier for people who do not understand as much about the dangers of the Internet to bite you.
The way this threat is presented is by falsifying an SMS from a courier company such as FedEx, in which the user is assured that the delivery of a package at home. In the message, the victim is asked to access a link where he can supposedly download an application to follow the delivery process of this shipment. It is all false, the link leads to a malware that infects the entire device.
Once FluBot is installed, it sneaks into the smartphone software to access the phone’s contact library to continue sending SMS to other people and thus extend the chain of infected. Furthermore, this malicious software is capable of stealing victims’ confidential information such as their passwords and access to bank accounts at the same time.
The alarm has spread throughout much of the market, operators such as Vodafone have issued alerts, as well as institutions focused on national cybersecurity such as the INCIBE in Spain or the NCSC in the United Kingdom. The Swedish cybersecurity company PRODAFT issued a report stating that this malware has attacked 60,000 devices.
FluBot operates in different countries of the world, although mainly in Spain, Italy, Germany, Hungary, Poland and the United Kingdom, but it could be extended to other countries. In Spain, the Trojan was already identified by ESET at the end of March by impersonating the shipping company MRW.
FluBot uses ‘Accessibility’, an Android component that observes and controls the device. It acquires the ability to show overlapping windows that can be presented above what is on the screen, which facilitates the theft of data in, for example, fake banking portals; and makes it difficult to uninstall.
To protect against FluBot, it is recommended to install an antivirus and, if the user has already been infected, carry out an analysis with it, identify the ‘malware’, restart in safe mode and uninstall the malicious application. Finally, it suggests changing the passwords of the services that they think may have been exposed, but the most important thing to avoid infection is not to access the links of the SMS, check the veracity of the companies that send the SMS by contacting them, remember that these threats need the participation of the user, learn to identify these deceptions.
Also read:
Fraudulent campaigns called SMS Bandits
Smishing , Beware of fake SMS
[…] see:FluBot is a new threat that comes through SMSBotnets using Tor, A threat exploited by criminalsGafgyt is a botnet that uses Mirai DDoS […]