FluBot a malware designed to steal passwords, bank details, and other sensitive information from Android device users.
The malware is installed via text message claiming to be from a delivery company that asks users to click a link that enables them to track their package delivery.
Immediately the Android user clicks on the link, they are taken to a website that will redirect them to a third-party site to download the app. By default, these apps are blocked to protect Android users from attacks, but the fake website provides information on how to bypass these protections and allow FluBot to be installed.
Once installed, FluBot gains access to the victim’s address book, allowing it to send the infected text message to all their contacts, further spreading the malware. It also obtains all the necessary permissions to access and steal sensitive information including passwords, online bank details, and other personal information.
In an article published by the NCSC (National Cyber Security Centre) they issued security guidance about how to remove FluBot malware. They recommended the following;
- Users who receive text messages are advised not to click the link in the message and not to install any apps if prompted to instead they should delete the message.
- Those who have already clicked the link and downloaded the application are advised not to login into any additional online accounts to stop attackers from getting more personal information. They are advised to perform a factory reset of the device as soon as possible.
- While users restore the data on their device via a backup, it’s important to avoid restoring from any backups made after FluBot malware was installed because they will still be infected.
- Users should change the passwords of any accounts they have logged into since downloading the app as well as any other accounts that use the same password to prevent attackers from having continuing access.
It is recommended that users install applications only from official app stores.