Threat actors behind the Flubot Android malware are employing a new technique to fool Android users into downloading the malicious code. The attackers are sending fake SMS messages that warn of a potential security threat and tempt Android users to install a security update.
If installed, the Flubot Android malware steals passwords, bank details and other private information from compromised devices. The malware also exploits permissions on the smartphone to spread itself to other victims, allowing the infection chain to continue.
“Your device is infected with the FluBot malware. Android has detected that your device has been infected. FluBot is an Android spyware that aims to steal financial login and password data from your device. You must install an Android security update to remove FluBot,” states the fake security warning discovered by CERT NZ researchers.
Last month, security firm Trend Micro explained how the Flubot malware tricked users into installing fake voicemail apps after taking them to a website designed to look like a mobile operator's. Now, the Computer Emergency Response Team of New Zealand (CERT NZ) is warning users that the fake security warning is only bait, designed to tempt potential victims and push them to install malicious apps.
In previous attacks, the malware spread by spamming text messages from compromised phones to their contacts, instructing them to install malicious apps from servers controlled by the threat actors.
The malware has been active since late 2020 and has targeted several European countries. Researchers have advised Android users not to click on the malicious link; anyone who has already clicked it should not enter any passwords or log in to any service on the device. Factory reset the phone immediately, backing up only the data that is required.
It can be an uphill task to keep up with mobile alerts, but it's worth remembering that companies are unlikely to ask you to download an application from a direct link; downloading official apps via official app stores is the effective way to try to keep safe when downloading apps. Additionally, change all online account passwords, specifically those linked to online bank accounts, and contact your bank immediately.