Flubot attacks – a variant of malware especially for users of the Android operating system

FluBot is a malware variant, aimed especially at Android, that steals sensitive information through SMS messages sent to users in Romania.

Recently, users have received unsolicited SMS notifications informing them that they will receive a package by express courier, that they have an unheard voice message (with a link where they can listen to it), or that they have been selected for a job (with a link to information about the job).

Behind these messages is a phishing attack in which attackers try to extract sensitive data from users. The malware attack is triggered when the link is opened on a device running the Android operating system.

The messages are designed to appear to come from a courier or voicemail service, and provide a link to install an order-tracking application or to listen to and save voice messages. In reality, the user does not install a legitimate application; a variant of malware called FluBot is installed on the device.

Malware is a type of fraud that involves software applications which install, without the knowledge of the phone's owner, code for collecting data associated with bank cards, accessing the network, intercepting transmitted data and gathering other personal information.

FluBot can receive commands through a command and control (C&C) server, including commands to uninstall applications, block the card, send SMS messages, open URLs (website addresses), extract contact lists, disable Google Play Protect, and various other commands.

This type of attack is common in Romania and targets users of the Android operating system. Users of other operating systems are redirected by the attackers to sites that host scam campaigns. To spread quickly to other potential victims, the malware gains access to the contacts on the victim's phone and sends them the same messages described above.

How can we avoid infecting our device with this type of malware?

First of all, we need to consider:
  • Check in detail the senders, the content of the messages, the links and the received files;
  • Install an antivirus from trusted sources that is constantly updated;
  • Search for the sender's phone number on Google if we haven't been in contact with it before (many websites may show whether the number is associated with a phishing attack);
  • Avoid accessing links and opening attachments from unknown sources;
  • Grant permissions to mobile apps only when and as needed;
  • Also check your mobile app permissions regularly;
  • Use antivirus solutions and constantly update their signatures;
  • Enable the security check option for installed mobile apps and the option to block unknown sources;
  • Update your operating system to the latest version compatible with your device;
  • Use a security (antivirus) solution on your device.
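
An added example, not part of the original article: one way to carry out the permission check recommended above on an Android device connected over adb, by flagging apps that were not installed from Google Play yet hold SMS or contacts permissions. The package names and sample output are constructed, and the parsing assumes the usual text layout of `pm list packages -3 -i` and `dumpsys package`.

```python
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend for your fleet
# Permissions matching the capabilities described above (SMS sending, contact theft).
RISKY = {"android.permission.SEND_SMS", "android.permission.READ_SMS",
         "android.permission.RECEIVE_SMS", "android.permission.READ_CONTACTS"}

def parse_installers(pm_output):
    """Parse `adb shell pm list packages -3 -i` into {package: installer or None}."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def granted_permissions(dumpsys_output):
    """Extract granted permissions from `adb shell dumpsys package <pkg>` output."""
    return set(re.findall(r"^\s*(android\.permission\.[A-Z0-9_]+): granted=true",
                          dumpsys_output, re.M))

def audit(pm_output, dumpsys_by_pkg):
    """Return (package, installer, risky permissions) for apps not from a trusted store."""
    findings = []
    for pkg, installer in sorted(parse_installers(pm_output).items()):
        if installer in TRUSTED_INSTALLERS:
            continue
        risky = sorted(granted_permissions(dumpsys_by_pkg.get(pkg, "")) & RISKY)
        if risky:
            findings.append((pkg, installer, risky))
    return findings

# Constructed sample output with hypothetical package names, not from a real device.
SAMPLE_PM = """\
package:com.example.bank  installer=com.android.vending
package:com.example.parceltracker  installer=null
package:com.example.notes  installer=com.google.android.packageinstaller
"""
SAMPLE_DUMPSYS = {
    "com.example.parceltracker": """\
      android.permission.SEND_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]
""",
    "com.example.notes": "      android.permission.READ_EXTERNAL_STORAGE: granted=true\n",
}

if __name__ == "__main__":
    for pkg, installer, perms in audit(SAMPLE_PM, SAMPLE_DUMPSYS):
        print(f"REVIEW {pkg} (installer={installer}): {', '.join(perms)}")
```

A flagged app is a candidate for manual review, not proof of infection; apps from a trusted store are skipped here only to keep the list short.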

If you realize that you have fallen victim to this type of attack, avoid at all costs logging in to your account before performing a factory reset of your device, and avoid recovering data from a backup created after the malicious application was installed.

If the SMS link was accidentally accessed and the malware was installed, the phone must be reset to factory settings immediately. It is recommended that you do not turn off the mobile device, but try to remove the virus as soon as possible.
If the link has not been accessed, it is recommended to delete the SMS.

Steps to protect your internet banking account in the event of a malware attack

If we have downloaded a malware application, cybersecurity experts advise the following:
  • We do not access the online banking application we use from the phone exposed to the virus;
  • We reset the internet banking application password from a device other than the infected one;
  • We completely reset the affected phone to factory settings;
  • We do not make a backup until the phone has been returned to factory settings (a backup made before then would also contain a copy of the malware);
  • We check the last transactions made;
  • We contact the bank if we notice transactions that we did not make;
  • We lock the cards as soon as possible if there is a suspicion that their data has been compromised.
