A particularly deceptive malware tricks Android users into downloading it by claiming that their smartphone is already infected by itself and that they need to download a security update.
Objective: steal your passwords and banking information
The malicious SMS contains FluBot, a form of Android malware that steals passwords, bank details, and other sensitive information from infected smartphones.
The malware also exploits device permissions to spread to other victims, allowing the chain of infection to continue. Links can pass through iPhones, but FluBot cannot infect Apple devices.
Typically, FluBot malware was delivered via SMS messages alerting the user that a delivery had been missed. The message asked the latter to click on a link, stating that he installed an application to organize a new delivery. Instead, the victim downloaded the malware.
How does FluBot work?
But this is no longer the only technique used by cybercriminals to trick people into downloading FluBot malware. The New Zealand Computer Emergency Response Team (CERT-NZ) has issued a warning against fraudulent text messages claiming that a user is already infected with FluBot and needs to download a security update.
When the user clicks on the link, a warning message appears, in red, stating that their “device is infected with FluBot malware”. The message explicitly states that FluBot is Android spyware that aims to steal login data and passwords, especially for financial services.
At this point, the device is not really infected with anything. The “transparency” of the malware distributors, of course, is only intended to scare their victims into clicking mindlessly on the link to install the so-called “security update” and thus infecting their smartphone with the famous malware. Attackers can access all specific financial information and distribute FluBot to the victim’s contacts.
What if you think you have been affected?
FluBot malware affects the world. However, it is important to clarify that as long as you do not click this link, you are not infected.
If you are concerned about downloading this malware, after clicking on such a suspicious link, contact your bank to find out if any unusual activity has been detected on your accounts and change all passwords for your online accounts, in order to prevent cybercriminals from accessing it.
If you have been infected with FluBot, it is also recommended to restore your device to factory settings to remove the malware.
How can you protect yourself from this type of malware?
While it can sometimes be difficult to figure things out in mobile alerts, remember that a business is unlikely to offer you to download an app from a direct link sent by message.
In general, it is safer to download applications through official stores (App Store for Apple, Play Store for Android, etc.).