If you are using Android, you need to know about FluBot. The scam first appeared in late 2020 and is now spreading like wildfire through Android devices, using SMS messages to trick users into downloading malware. Let’s detail what happens when your device crashes with a FluBot case
The Android operating system has just run out 70% Market share in the global smartphone operating system market. For cybercriminals, this is a large and irresistible pool of potential targets. This is why Android has been a green target for hackers – if even a small portion of their attacks are successful, the rewards can be huge.
One of the new threats in the city is FluBot malware. It was initially discovered approx Affects the devices of Android users in Spain December 2020 before spreading to other European countries in early 2021. Since then it has infected devices in Australia and New Zealand And continues to spread rapidly to others as well.
In this article we will answer the following questions:
- What is FluBot malware and how does it get into a user’s device?
- What happens if your phone gets infected with FluBot?
- What should you do if your device is infected with FluBot?
- How can you prevent your Android devices from being infected with FluBot malware?
What is FluBot Malware? Setting up FluBot Android malware
FluBot, which BleepingComputer says also known as Fedex Banker and Cabassous, is a type of malware that infects smartphones and Android devices via text messaging. After infection, the malware gives hackers access to the operations of the affected Android device.
Once a user downloads the malware, hackers can use their approach to perform one or all of the following:
- Steal credentials, credit card numbers and other sensitive information,
- Disable the built-in security mechanisms,
- Send messages from the victim’s devices, and
- Perform many other malicious actions on the infected device.
How FluBot infects Android devices: A look at FluBot scam messages
FluBot travels via SMS text messages, sending a link as part of the messages to the recipients. Although both Android and Apple phones can get Messages With FluBot, only Android devices can be infected with malware. Messages may talk about incoming delivery, software update, or even indicate that your phone is infected with malware or that you were part of a data breach.
The common factor is that each message contains a link to a download page. These links are usually disguised as one of the following to entice you to download and install the software:
- Antivirus / anti-malware software
- Voicemails
- Delivery tracking apps
- software updates
- Shared photo albums
- Other types of software are tempting to download
In reality, the link takes the victim to a FluBot malware download page. Your device will not be infected unless you download and install the malware. If you receive unwanted SMS messages related to these topics, take extra care and avoid clicking on any links.
Here’s a brief example of how the message looks and what happens when you click on the fake link:
What harm can FluBot software cause?
FluBot seems to be spreading to every corner of the globe. as per Proponent’s assessments, There were 7,000 FluBot-infected devices in the UK until April 2021, when tens of thousands of malicious SMS messages were sent every hour. In Australia, of the Government Fraud watch The service received more than 16,000 reports of FluBot scams between August and October 2021 alone.
But what happens once a device is infected? Once installed on an Android device, FluBot can:
- Theft of victims’ entry permits, including permits to financial institutions such as banks.
- Access the entire victim contact list and send FluBot-laden text messages to all contacts. It blocks the recipients after sending the message, which means they can not send text back or call the sender (i.e., the original victim) to verify the authenticity of the message.
- Disable the built-in security features offered by the Android operating system and third-party security programs to prevent detection and removal.
- Intercept SMS messages sent by banks with passwords or verification codes needed to confirm money transfers.
A disturbing aspect of FluBot malware is that you will not see typical symptoms of infection like slowing down your phone or the screen freezing. You will probably only notice FluBot when it’s too late – after the scammer has already done something nasty.
How do I know if I have FluBot? 3 main warning signs to pay attention to
Detecting an infection with FluBot malware can be challenging. However, Telstra shares three warning signs That you can pay attention to on your devices:
- An app titled “Voicemail” appears on your smartphone with a blue tape icon inside a yellow envelope.
- You receive messages from friends, family or other contacts regarding messages or phone calls they have received from you that you have not sent or made.
- Your network provider warns that a large number of text messages have been sent from your device.
My phone is infected with FluBot – what now?
If you suspect that your phone is already affected by FluBot, you need to act quickly to limit the damage and prevent the spread of malware. Here’s what you need to do:
- Perform a factory reset. The only known way to get rid of FluBot is to return the phone to the factory settings. This will erase all data, including the virus. The steps for resetting the manufacturer vary with different manufacturers, but the process usually looks something like this:
- go to Definitions
- Select editorial board
- Select Zero options
- Select Delete all data (reset to factory settings)
- Select Reset the phone
- knock Delete everything
To date, no anti-malware company has claimed that it can successfully detect and remove FluBot. Therefore, for now, resetting to factory settings is the only way to get rid of it.
- Get professional help with data backup. Data backups should not be taken after you have been infected with FluBot, as they may have already spread to other folders and applications. This means that a backup will aggravate the situation, as FluBot malware can re-infect your device or other devices when you recover the data. If you need to take a backup before performing a factory reset, get professional help.
- Change your passwords. FluBot is notorious for stealing certificates. It’s essential that you change your login information for all the online apps and accounts you access with your phone. Some important points:
- Change Certificates After factory reset: Do not change details before resetting the manufacturer, otherwise FluBot will also have access to the new credentials.
- If possible, we areGod Device other than God Infected phone: If you can access apps and websites from your laptop, tablet or other device that is not infected with FluBot, you can change the credentials before resetting the manufacturer.
- enable Two-factor authentication. Enabling two-factor authentication, especially for banking and financial applications, ensures that hackers will not be able to access your accounts without a unique OTP or a secret code sent to your phone number. This step provides an additional layer of security in the event of a certificate violation.
- Contact the relevant regulatory authority. If your country has a cyber security division or other authority to deal with cybercrime, report the incident to them through their processes and procedures. Different countries have different ways of dealing with cybercrime and often have specific processes for reporting cyber threats. for example:
- The Department of the Interior of New Zealand (DIA) and CERT NZ have parent For their citizens to forward the suspicious text message related to FluBot to 7726.
- UK citizens can send the link to report@phishing.gov.uk.
- Australians need to report FluBot scam on Australian government ReportCyber website.
How to prevent FluBot scams from infecting your organization’s devices
Please note that your phone cannot be infected with FluBot malware unless you or one of your employees downloads the software. That is, even if you receive the text message you open and click on the link, the virus will not be able to invade your phone unless you download the malware-laden software. Your device will display a security warning before downloading the software. If you abandon the download at this point, you will still be safe.
Here are some basic ads tips to help you avoid FluBot:
- If you are expecting shipping packages, follow it through the official website of the seller or shipping partner. Never click on links in SMS messages claiming to be from shipping companies.
- Always use up-to-date and legitimate versions of software from official sources. Never follow links in text messages or emails asking you to download or install software applications.
- If you receive a message stating that your device is infected with a virus / malware, do not click on the link to download the antivirus program even if you notice signs of a possible infection on your device. Instead, go to an official app store or install anti-malware programs from the official websites of reputable companies like Comodo, Malwarebytes, AVAST, Norton, McAfee and Bitdefender.
- If you receive a strange message from one of your contacts, call them directly to confirm the legality of the message. If you can not contact them via SMS or phone call, FluBot may have blocked you on their device. Address them in another way like social media or landline, and do not click on anything in the text message.
- Train your employees to identify and respond to phishing scams and other cyber threats. Cyber awareness training is of paramount importance to individuals and organizations alike. This is something that can help you stay safe online and keep your accounts secure. Cyber awareness training covers a wide range of topics, including best practices for cyber security.
Recent Thoughts on FluBot Malware
Imagine your friend calling you and asking about the SMS he received from you, but you have no idea. Or receive notification of a financial transaction from your bank account that you have not made. Such incidents occur if your device is infected with FluBot malware.
If you are an Android user who has opened a link from a text message and downloaded a software, there is a high chance that your device is affected by FluBot malware. Please follow the steps described in this article to protect your phone from further damage.