In the past, malware (or malicious software) only affected our computers. Today, with the advent of the smartphone and its massive use, hackers have learned to exploit a number of vulnerabilities specific to mobiles and their software architecture. This is recently the case with malware known as FluBot, which primarily infects phones through downloads, including a text message claiming to be from a delivery company.
FluBot’s goal is to steal passwords, bank details, and other information stored on your phone. IPhone owners rest assured, the software only infects the Android operating system, at least for now.
The software is therefore installed through text messages or emails, claiming to be from a known delivery company and asking users to click on a link to track the delivery of a package. This phishing link asks users to install an app for it, but the app is actually malware that can steal your confidential information.
FluBot also accesses the victims’ address book, which allows it to send the phishing text message to all contacts and further spread the malware. In short, a typical operation of a computer virus, which we have been used to since the beginnings of computers.
Extremely rapid spread
However, what is a big game-changer today is that we are using smartphones as never before it was possible to use any connected electronic device. Most people spend several hours a day on it and use it for a lot of administrative tasks, which makes the spread of this type of software all the faster.
The UK’s National Cyber Security Center (NCSC) has published security advice on how to identify and remove FluBot malware, while ISPs including Three and Vodafone have also warned users against SMS attacks. The messages most often claim to be from the DHL delivery service, although the names of other companies like Asda, Amazon and Argos are also used.
If an Android user clicks on the link, they are taken to a website which will take them to another third-party site to download a malicious APK (Android Package File). These files are usually blocked by default in order to protect Android users from attacks, but fake websites provide information on how to bypass these protections to allow the installation of FluBot.
Once installed, FluBot obtains all the necessary permissions to access and steal sensitive information, including passwords, bank details, and other personal information, as well as the ability to spread to other people. It is this mechanism of using contact information that allows FluBot to spread so quickly.
Although the malware can only infect Android devices, Apple users are also advised to beware of text messages tricking them into clicking on links regarding a delivery, as malicious websites could still, although of a different way, be used to steal personal information.
What to do to protect yourself or in case of infection?
The NCSC has warned users who receive a fraudulent text message not to click on the link in the message and not to install apps if prompted. However, it is recommended that you forward the message to 33700 (France) or 7726 (Canada), free spam reporting services provided by telephone operators, and then delete it.
If you have already clicked on the link and downloaded the app, do not log into other online accounts in order to prevent attackers from collecting more personal information, then perform a factory reset on your device. as soon as possible. You should then be able to restore your device data via a backup, but it is important to avoid doing this from backups made after the installation of the FluBot malware, as it will still be infected.
It is also recommended that you change the passwords of all accounts that you have logged in to since downloading the app, as well as any other accounts that use the same password, in order to prevent attackers from continuing to have access to it. In order to avoid falling victim to similar attacks, it is ultimately advisable to only install apps from official app stores such as App Store (Apple) or Google Play Store (Android).