The National Cyber Security Center of Finland (NCSC-FI) has issued an alert regarding an increase in FluBot Android malware infections due to a new campaign that uses SMS and MMS to spread the malware. FluBot aims to steal financial account details from its victims by overlaying phishing pages on top of legitimate banking and cryptocurrency applications.
It can also read SMS messages, make phone calls, and monitor incoming notifications for temporary authentication codes such as one-time passwords (OTP), which are required in addition to standard login credentials. Last year, after identifying the spread of 70,000 fraudulent texts in just 24 hours, Finnish officials issued a similar warning. No specific figures have been given this time. However, the NCSC-FI has warned that “thousands of malicious communications are spreading” to prospective victims.
The FluBot operators send SMS messages that claim to contain voicemail links, missed call notifications, or information about receiving money from an unknown financial transaction. The victims are directed to a website that hosts the FluBot APK, which they are instructed to download and install to learn more about the transaction details. The app then asks victims to grant risky Android permissions, including accessing SMS data, controlling phone calls, and reading the user’s contact list.
Threat actors use the contact list to send a second wave of SMS messages from infected devices. Recipients are more likely to open these messages and infect their own devices because they come from a known source. iPhone users who receive the malicious SMS are redirected to premium subscription scams and other fraud. Although merely opening the links does not install malware on your smartphone, NCSC-FI advises users to avoid installing APKs from sources other than the official Play Store.
If FluBot has already infected your device, you should be able to remove the infection by restoring the system to factory defaults. If you restore from a backup, ensure it doesn’t include malware. If you believe you were infected while using a financial application, contact your bank and follow their recommendations. Additionally, keep a close eye on all of your transactions and report any suspicious activity right away.
Passwords for accounts used from the infected device should likewise be reset. If you have an iPhone and have unintentionally enrolled in premium services via a FluBot SMS, contact your carrier and request that the subscription be canceled. Place a permanent block on subscriptions to these services if feasible.