The FluBot operation, one of the biggest and fastest-growing Android malware campaigns in existence, has been shut down by Europol. A law enforcement effort comprising eleven nations took down the malware operation following a complicated technological examination to determine FluBot’s most essential infrastructure.
Australia, the Netherlands, Belgium, Hungary, Sweden, Ireland, Switzerland, Finland, Spain, and the United States took part in the operation. According to an announcement by the Dutch Police, they have removed 10,000 victims from the FluBot network and stopped over 6.5 million spam SMS from reaching potential victims.
Because the malware had largely infected people in the region, authorities in Spain arrested four suspects in March 2021 who were then regarded as significant participants of the FluBot operation. The malware’s hiatus in dissemination was only temporary, as it quickly reappeared to unprecedented levels, targeting other nations outside of Spain.
This time, Europol emphasizes that the FluBot infrastructure is under law enforcement control, so there will be no re-ignite. There have been no arrests announced as of yet, so it can be assumed that the action was focused on disabling the malware’s infrastructure at this moment.
When victims launch legitimate apps, FluBot overlays phishing pages on top of the interface, stealing banking and cryptocurrency account details. It can also read SMS messages and monitor alerts, allowing two-factor authentication and OTP tokens to be stolen on the go.
Its quick spread is due to the misuse of infected smartphones’ contact lists to send SMS to all contacts through an individual they trust. The user whose device is misused for spamming is unaware of anything unusual because everything happens in the background. FluBot swiftly raised the number of victims in certain parts of the world by attaining only a few infections and spread quickly there.
Regarding how “patient-zero” is spread, there are laced apps on the Google Play Store, false package delivery notifications, Flash Player app updates, and more. If you suspect FluBot has infected your device, Europol recommends doing a factory reset, which destroys all data from any partitions that may contain malware.
