Messages intended to distribute FluBot banking malware are already broadcast in English, German, and even Japanese.
For nearly two months now, a malware called FluBot (also known as Cabassous or FedEx Banker) has been traveling via SMS, sending fraudulent messages to the address list of affected devices and trying to steal users’ access to banking services. As we reported at the end of last month, according to a Telekom announcement, scammers are sending SMS messages about the arrival of packages in the current campaign, and the link in them leads to pages trying to obtain targets for installing a malicious mobile application.
As revealed by unusual information from the National Security Service’s National Cyber Defense Institute (NBSZ NKI), FluBot is constantly monitoring applications running on infected devices. If it detects the launch of an application related to financial or cryptocurrencies, it covers the original application with the so-called overlay technology and next to it opens a similar phishing interface capable of extracting and transmitting user data (username and password). It’s also worth noting that FluBot operators can get full access to their cell phones, so SMS-based two-factor authentication won’t necessarily work for them either.
As NBSZ NKI’s warning indicates, Trojans do not attack devices through apps on the Google Play App Store, but through websites. The To defend So you should keep in mind that installing an app from an unknown source is not a good idea even if the site appears reliable at first glance. Although malware can only infect Android devices, Apple users also have cause for concern, as they can also try to get their data through prepared pages.
It cannot be stopped yet
Meanwhile, more and more alerts are being issued around the world about FluBot campaigns, the latest being, for example, the UK Cybersecurity Center (NCSC) issued a warning and advice on how to remove malware. Consequently, it appears that they are already trying to spread the malware with messages from Amazon, which means that they are developing new brands in addition to courier services, and all three mobile network operators have already confirmed that the scam has appeared on their networks serving a total of 58 million. Client.
Although the phishing attacks in question were first detected in Spain, Polish and German versions of the fake SMS have also appeared in the reports, in addition to Hungarian or English language, and Italian, Dutch, Scandinavian and Japanese users have received these messages recently. The Spaniards have reportedly infected at least 60,000 Android devices with criminals, and campaigns launched in other countries are underway despite the fact that Spanish authorities have already arrested more people in connection with the attacks.
“Social media evangelist. Baconaholic. Devoted reader. Twitter scholar. Avid coffee trailblazer.”