FluBot is designed to steal personal information, including bank details. Infected devices are then used to spread the malware to the victim's contacts.
Users receive text messages that appear to come from a company. The message asks the user to click on the provided link to track a delivery package. Once the user clicks on the malicious link, it instructs them to install an app to track the fake delivery. That app is malware that steals data and information from Android phones. This is how FluBot gets installed on phones through text messages.
After the app is installed, FluBot is on the device and starts its malicious activities, which include:
- Stealing the infected device's information and data.
- Stealing sensitive information, including passwords and bank details.
- Spreading to other devices from a single infected device.
- Theft of personal information.
- Gaining access to the victim's address book.
- Using that access to send the infected text message to all of the victim's contacts.
- Ultimately spreading the malware further, to the devices of those contacts.
The UK's National Cyber Security Centre (NCSC) has published security guidance that helps users identify the FluBot malware and then get rid of it. Some network providers, such as Three and Vodafone, have also issued warnings to users about cyberattacks carried out through text messages. The attack follows a specific pattern. Once you recognize it, you can avoid it easily by simply ignoring the malicious messages.
Most of the time, the messages appear to come from the delivery service DHL. The names of other brands such as Asda, Amazon, and Argos are also being used. If the user clicks on the link, it leads to a website that in turn leads to a third-party site, which asks the user to download a malicious APK file (Android Package File). These files are blocked by default most of the time in order to protect Android users from attacks. Some of the fake websites provide instructions on how to bypass these restrictions so that FluBot can be installed.
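The lure pattern described above can be checked mechanically. The following Python example is an addition to this article, not NCSC or operator code: it flags a text message that names one of the brands listed above but links elsewhere, links to an APK file, or combines delivery wording with an unrecognised link. The brand domain list, the keyword list and the sample messages are assumptions constructed for the example.

```python
import re
from urllib.parse import urlparse

# Brands named in the article; the sender domains are assumptions for this example.
BRAND_DOMAINS = {
    "dhl": ("dhl.com", "dhl.co.uk"),
    "asda": ("asda.com",),
    "amazon": ("amazon.co.uk", "amazon.com"),
    "argos": ("argos.co.uk",),
}
ALL_DOMAINS = tuple(d for ds in BRAND_DOMAINS.values() for d in ds)
DELIVERY_RE = re.compile(r"\b(parcel|package|delivery|track(?:ing)?|shipment)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def on_domain(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage_sms(text):
    """Return ("report" | "ok", reasons) for one SMS body."""
    reasons = []
    lowered = text.lower()
    brands = [b for b in BRAND_DOMAINS if re.search(rf"\b{b}\b", lowered)]
    for raw in URL_RE.findall(text):
        parsed = urlparse(raw.rstrip(".,;)"))
        host = (parsed.hostname or "").rstrip(".")
        if parsed.path.lower().endswith(".apk"):
            reasons.append(f"link to an APK download on {host}")
        for brand in brands:
            if not on_domain(host, BRAND_DOMAINS[brand]):
                reasons.append(f"names {brand} but links to {host}")
        if not brands and DELIVERY_RE.search(text) and not on_domain(host, ALL_DOMAINS):
            reasons.append(f"delivery wording with unrecognised link {host}")
    return ("report" if reasons else "ok"), reasons

# Constructed sample messages (not real FluBot texts).
SAMPLES = [
    "DHL: Your parcel is arriving, track here http://dhl-track.example/pkg?id=123",
    "Your Amazon order is out for delivery. Track: https://www.amazon.co.uk/your-orders",
    "You have a package waiting: http://files.example.net/tracker.apk",
    "Running late, see you at 7",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        verdict, why = triage_sms(sms)
        print(f"{verdict:6} {sms[:40]!r} {why}")
```

A "report" verdict corresponds to the messages users are told to forward to 7726; an "ok" verdict only means none of these three checks fired.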
Once installed, FluBot carries out all the malicious activities mentioned above, which is a high security risk. By using the victim's contact information, it spreads quickly to other devices.
The malware can only infect Android devices. It has not yet affected Apple devices, but security experts advise Apple users to be cautious about text messages as well. They are also advised not to click on links about a delivery package, as the dangerous websites could still be used to steal personal information.
The NCSC has warned users to ignore these kinds of messages completely: if they receive a scam text message, they should never click the link in the message and never install any apps if prompted. The NCSC instructs users to forward the malicious message to 7726, a free spam-reporting service provided by phone operators. Once they have forwarded the message to 7726, they should delete it quickly. Those who have already clicked the link and downloaded the app are advised by the NCSC not to log in to any more online accounts, as doing so could lead to attackers stealing more personal information. They are advised to perform a factory reset of the device as soon as possible.
After the factory reset, it is important that users do not restore data backed up after FluBot was installed, as it could still be infected. However, data from before that can be restored. The NCSC also recommends that, to prevent attackers from continuing to have access to their information, users change the passwords of any accounts they have logged in to since downloading the app, and of any other accounts that use the same password.
Users are advised to install apps from an app store and not from any third party, in order to avoid falling victim to similar attacks.