FluBot’s authors have launched a new campaign that employs phony Android security update alerts to deceive potential victims into downloading the virus.
The message on the malware's new installation page is bait designed to create a sense of urgency that entices users into installing FluBot on their own devices, according to a new post by New Zealand's computer emergency response team, CERT NZ.
The new FluBot installation page, which users are directed to after receiving fake messages about pending or missed package deliveries, or even stolen photos posted online, informs them that their devices have been infected with FluBot, an Android spyware that steals financial logins and password data.
The page goes on to claim that FluBot can be removed from the Android smartphone by applying a new security update.
Users are also advised to allow apps from unknown sources to be installed on their device, according to the page.
This allows fraudsters to install bogus security updates on their device, and while the user may believe they are protecting themselves from FluBot, they have actually loaded the virus on their smartphone.
Adapt your strategy
FluBot was previously spread through spam text messages sent to Android phones, using contacts gathered from devices already infected with the malware.
These messages would advise potential victims to download software in the form of APKs from attacker-controlled servers and install them on their devices.
Once FluBot is installed on a user's smartphone, it frequently tries to persuade them to grant it extra permissions, such as access to the Android Accessibility service, which allows it to run in the background and carry out other destructive actions.
FluBot is capable of stealing a user's payment and banking information by launching overlay attacks on genuine banking, payment, and cryptocurrency apps.
As previously stated, the malware also harvests a user's contacts so that it can send them phishing messages and spread FluBot further.
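The two conditions described above, an app installed from outside the store and an app holding the Accessibility service, can be checked together on a suspect device. The following is an added example, not code from CERT NZ or the original article: it parses the output of `adb shell pm list packages -i -3` and `adb shell settings get secure enabled_accessibility_services` and ranks the sideloaded apps. The package names, the sample output, and the choice of trusted installer are constructed assumptions.

```python
import re

# Installers treated as trusted stores; an assumption, adjust to your policy.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample of `adb shell pm list packages -i -3` (not a real device).
SAMPLE_PACKAGES = """\
package:com.example.bank  installer=com.android.vending
package:com.example.securityupdate  installer=null
package:com.example.sideloadedgame  installer=com.google.android.packageinstaller
package:com.example.reader  installer=com.android.vending
"""

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`.
SAMPLE_A11Y = ("com.example.securityupdate/com.example.securityupdate.Svc:"
               "com.example.reader/.ScreenReaderService")

PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")

def parse_installers(text):
    """Map package name -> installer (None when the device reports none)."""
    out = {}
    for line in text.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            pkg, inst = m.groups()
            out[pkg] = None if inst == "null" else inst
    return out

def parse_accessibility(value):
    """Return the set of packages owning an enabled accessibility service."""
    value = value.strip()
    if not value or value == "null":
        return set()
    # Entries are colon-separated "package/ServiceClass" component names.
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def triage(pkg_text, a11y_value):
    """List sideloaded apps; those that also hold Accessibility come first."""
    installers = parse_installers(pkg_text)
    a11y = parse_accessibility(a11y_value)
    findings = [("high" if pkg in a11y else "review", pkg, inst)
                for pkg, inst in sorted(installers.items())
                if inst not in TRUSTED_INSTALLERS]
    return sorted(findings, key=lambda f: f[0] != "high")

if __name__ == "__main__":
    for sev, pkg, inst in triage(SAMPLE_PACKAGES, SAMPLE_A11Y):
        print(f"{sev:6} {pkg} (installer={inst})")
```

A "high" result is a triage lead, not proof of infection: legitimate sideloaded accessibility tools will match as well.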
While FluBot was originally designed to target people in Spain, its owners have since expanded the campaign to include Germany, Poland, Hungary, the United Kingdom, and Switzerland, as well as Australia and Japan.