The Flubot malware has switched to a new and likely more effective lure for infecting Android devices: fake security updates that warn victims about Flubot infections.
According to a warning from CERT NZ, the message on Flubot's new malicious installation page is only a ruse intended to create a sense of urgency and persuade potential victims to install the malware.
The new Flubot page tells visitors that the FluBot® malware has infected their device:
“Your device is infected with the FluBot® malware. Android has detected that your device has been infected,” the new Flubot installation page says.
The page goes on to say: "FluBot is an Android spyware program that tries to steal your bank login and password information. To get rid of FluBot, you'll need to apply an Android security update."
Targets are also told to permit the installation of unknown applications if they see a warning that the malicious application cannot be installed on their smartphone.
CERT NZ explained that in reality, this page does not indicate you are infected with Flubot; however, if you follow the misleading instructions on this website, your device WILL be infected.
The SMS messages used to drive users to this installation page concern delayed or missed parcel deliveries, as well as stolen pictures that have been uploaded to the internet.
Since late 2020, this banking malware (also known as Cabassous and Fedex Banker) has been used to steal banking passwords, payment information, text messages, and contacts from infected devices.
Until recently, Flubot spread to other Android phones by sending spam text messages to contacts taken from infected handsets, directing the targets to install malware-laden applications delivered as APKs from attacker-controlled servers.
Once delivered through SMS and phishing, the malware tries to trick victims into granting additional permissions on their phones, including access to the Android Accessibility service, which allows it to hide and carry out malicious activity in the background.
The primary targets were Android users in Spain. It has since broadened its scope to target users in other European nations, Australia, and Japan.