• Admin

Ahchoo! FluBot Banking Malware Spreads Through Europe, U.S. Likely Next

Published: June 15, 2021 on our newsletter Security Fraud News & Alerts Newsletter.



It may not be time to call the cyber doctor yet, but Proofpoint discovered a new malware virus is spreading rapidly across Europe. One lesson the coronavirus taught us is that virus can spread across borders like wildfire. According to ThreatFabric, the Android banking malware is rapidly wreaking havoc across several areas including Norway, Sweden, Denmark, the Netherlands, and Japan. Proofpoint finds the malware is poised to spread throughout the rest of the world thanks to a concerted effort by the threat actors behind FluBot. Like most malware that can swiftly infect its way across geographic lines, FluBot is sure to hit the U.S. in the near future.


How FluBot Infects Mobile Androids


Taking a closer look at FluBot, the banking malware uses SMS text messages (smishing) to infect mobile banking and cryptocurrency apps on Android devices. It also has a spyware function that steals passwords and other PII (personally identifiable information), but FluBot doesn’t stop there. It also hijacks credentials, contact lists, calls, notifications, and messages by compromising the Android Accessibility Service. FluBot uses the stolen PII to spread to other devices and locations.



FluBot sends SMS messages to a target, pretending to be from a package delivery service like FedEx or DHL. The bogus text includes a link to track the delivery, which once opened, installs an encrypted FluBot module embedded in malicious apps. The apps carrying FluBot automatically download when the link is activated. The banking malware also uses fake, legitimate-looking overlays to phish data from webview-based applications. Once activated, FluBot overtakes the device and financial fraud is sure to follow.



ProofPoint researchers comment on this new banking malware, saying "As long as there are users willing to trust an unexpected SMS message and follow the threat actors’ provided instructions and prompts, campaigns such as these will be successful.” So, if you’re not expecting a delivery, or even if you are, think twice before opening that text link to follow your UPS delivery driver – especially now that you know the “package” could be FluBot in disguise.


Another important thing to pay close attention to is the permissions that you are required to give to the app. For example, if you are installing a game, but it wants access to your contacts, this should be a red flag. The fewer permissions you have to give to the app, the more secure your information will remain. In many cases, you will have a choice between multiple similar apps. It’s best to look at each one and find out which will require the least amount of permissions to install and try to find apps that have been around for a longer period of time. While this is not a guarantee that it is safe, generally apps that are one or more years old, will be a safer choice than a brand-new app.


Mobile devices are far more secure than your regular PC, but the simple mistake of installing the wrong app can actually lead to a complete and total compromise of a corporate network. Remember to take your time and do you research before ever installing an app. When in doubt, talk to others who can give security insight before you choose to install a questionable app. Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at advisor@nadicent.com

9 views0 comments