Newly Android malware has been discovered, named Flubot, and it is spreading rapidly across the UK, Spain, Germany, and Poland.
Flubot is a malware that mimics a delivery tracking app and steals your mobile data including bank account information and passwords.
According to research by Proof point, the FluBot Android malware has picked back up, spreading throughout various countries in Europe via its SMS package delivery scheme. Its latest victims include Android users in the United Kingdom, Germany, Hungary, Italy, Poland, and Spain, based on Proofpoint and opensource information, and it may be on the cusp of spreading among US users.
How it is spreading?
According to Proofpoint, once victim receiving an SMS message impersonating a delivery service. The messages are variations on delivery themes, such as “FEDEX Your package is arriving, track here” and include links to compromised sites. If the victim follows the link, they are prompted to download a malicious app that, to lend credibility, has the delivery service’s logo as its icon and uses legitimate looking APK files (Android’s app file format) with FluBot encrypted and embedded inside.
The fake website appears to be a DHL page when you click the link. It suggests installing an app (APK file) with instruction on your smartphone to track your parcel.
This message tells users that a link in the text is the only way to locate their “missed package delivery.” However, this is not a DHL text message. It actually is a fake one and contains the Flubot malware.
How To Secure Yourself?
- Do not click on unknown SMS messages link.
- Always install apps from legitimate app stores.
- Format your Android device completely.
- Do not install APK manually from third party. It should be a Malware that can steal your data.
FluBot is likley to continue to spread at a fairly rapid rate, moving methodically from country to country via a conscious effort by the threat actors. As long as there are users willing to trust an unexpected SMS message and follow the threat actors’ provided instructions and prompts, campaigns such as these will be successful,” Proofpoint researchers said.
As a result of the spike in FluBot activity, both the Federal Bureau of Information Security (BSI) and the National Cyber Security Centre (NCSC) have issued security alerts warning.
