FluBot’s authors have launched a new campaign that employs phony Android security update alerts to deceive potential victims into downloading the virus.
The message on the malware’s new installation page is actually bait designed to generate a sense of urgency that entices users to run FluBot on their own machines to install, according to a new post by New Zealand computer emergency team Cert NZ.
The new FluBot installation page, which users are directed to after receiving fake messages about pending or missed package deliveries, or even stolen photos posted online, informs them that their devices have been infected with FluBot, an Android spyware that steals financial logins and password data.
This allows fraudsters to install bogus security updates on their device, and while the user may believe they are protecting themselves from FluBot, they have actually loaded the virus on their smartphone.
Adapt your strategy
FluBot was previously disseminated by spam text messages on Android cellphones, gathering contacts from devices already infected with the malware.
When FluBot is installed on a user’s smartphone, it frequently tries to persuade them to grant it extra rights, such as access to the Android Accessibility service, which allows it to run in the background and carry out other destructive actions.
FluBot is capable to stealing a user’s payment and banking information by launching overlay attacks on genuine banking, payment, and cryptocurrency apps.
While FluBot was originally designed to target people in Spain, its owners have since expanded the campaign to include Germany, Poland, Hungary, the United Kingdom, and Switzerland, as well as Australia and Japan.
