FluBot is a malware variant, targeting Android in particular, that steals sensitive information through SMS messages sent to users in Romania.
Recently, users have received unsolicited SMS notifications informing them that they will receive a package by express courier, that they have an unheard voice message (with a link where they can listen to it), or that they have been selected for a job (with a link to information about the job).
Behind these messages is a phishing attack in which attackers try to extract sensitive data from users. The malware attack is triggered when the link is opened on a device running the Android operating system.
The messages are designed to appear to come from a courier or voicemail service, and provide a link to install an order-tracking application or to listen to and save voice messages. In reality, the user does not install a legitimate application; a variant of malware called FluBot is installed on the device instead.
Malware is a type of fraud involving software applications that install, without the knowledge of the phone's owner, code for collecting data associated with bank cards, accessing the network, intercepting transmitted data and gathering other personal information.
FluBot can receive commands through a command and control (C&C) server, including commands to uninstall applications, block the card, send SMS messages, open URLs (website addresses), extract contact lists, disable Google Play Protect, and various other commands.
This type of attack is common in Romania and targets users of the Android operating system. When users run other operating systems, attackers redirect potential victims to sites that host scam campaigns. To spread quickly to other potential victims, the malware gains access to the contacts on the victim’s phone and sends them the same messages described above.
How can we avoid infecting our device with this type of malware?
- Check in detail the senders, the content of the messages, the links and the received files;
- Install an antivirus from trusted sources that is constantly updated;
- Search for the sender’s phone number on Google if we haven’t been in contact with it (many websites may show if the number is associated with a phishing attack);
- Avoid accessing links and opening attachments from unknown sources;
- Grant permissions to mobile apps only when and as they are needed;
- Also check your mobile app permissions regularly;
- Use antivirus solutions and constantly update their signatures;
- Enable the security check option for installed mobile apps and the option to block unknown sources;
- Update your operating system to the latest version compatible with your system;
- Use a security (antivirus) solution on your device.
If the SMS link was accidentally accessed and the malware was installed, the phone must be reset to factory settings immediately. It is recommended that you do not switch off the mobile device, but try to remove the virus as soon as possible.
If the link has not been accessed, it is recommended to delete the SMS.
Steps to protect your internet banking account in the event of a malware attack
- We do not access the online banking application we use from the phone exposed to the virus;
- We reset the internet banking application password from a device other than the infected one;
- We completely reset the affected phone to factory settings;
- We do not make a backup before returning to the factory settings (the backup would also include a copy of the malware);
- We check the last transactions made;
- We contact the bank if we notice transactions that we did not make;
- We lock the cards as soon as possible if there is a suspicion that their data has been compromised.

