Flubot Malware Tricks Android Users With Fake Security Update

Flubot, which first made its appearance in Spain in early 2021 and then spread to the rest of Europe, is back. Criminals mainly use an SMS-based phishing tactic to spread the Flubot malware and have now started diversifying their approach.

This isn’t the first time a tactic of this kind has tricked mobile users into downloading malicious software. It often happens through other means, such as infected apps on Google Play. But as of late, cybercriminals seem to be increasing their focus on text message-based tricks. The new wormable malware that spreads through WhatsApp messages recently making headlines as well. Here’s how the Flubot malware works and what people can do to avoid it.

How Does the Flubot Malware Work?

When Flubot first made its appearance, it masqueraded as a parcel delivery company. The phishing SMSs people received let them know a package was on its way and urged them to click on a link to track it. The link then led them to a fake website that told them to download a tracking app for their package.

That app turned out to be the malware in disguise, which tracked everything these Android users’ did on their phones. A lot of the time, cybercriminals use this to gather data. In this case, they were looking for login credentials to people’s financial accounts, like their online banking accounts and investment or cryptocurrency accounts.

Its success likely stems from people being more willing to trust SMSes from unknown numbers than emails from strangers these days. However, SMS phishing scams are still alive and thriving.

The Latest Flubot Trap

The only way for something like Flubot to survive is if people stay ignorant – but since it became widespread news, the jig was up. The result is that cybercriminals had to improvise and develop other ways of convincing people to download their malware. So the tactic has changed a bit.

While there are a few different approaches, the one that seems to be sticking (at least right now) is a message about photo album sharing. Strangely enough, it claims that someone is attempting to share an album of photos with the Android user.

The message contains a link that can direct to a warning page that, ironically, tells them their device is infected with Flubot. It then urges them to install a security update. There is no update, though, as it’s just the actual Flubot malware that they’re installing.

Some Tips on Avoiding Malware

Start with always erring on the side of caution. Carefully think through any message or notification. If someone’s not expecting a package, then why would they click on the link? Also, do some research first. Check to see if the delivery company (or whatever the message claims) is legit. See if anyone else has received a similar message and said anything about it.

Right now, the Flubot malware doesn’t seem to do anything if someone just clicks on the link. They have to download the “app” or “security update” for it to work. But that can change in the future, and there are other types of malware where just clicking on the link is enough.

Being proactive can also help in case something happens. Using an antivirus (yes, even on an Android smartphone) can help detect and contain malware. Other cybersecurity tools like an Android VPN client and password manager can also help add extra layers of protection. Don’t forget to enable two-factor authentication either, which can keep attackers out even if they discover an account’s login details.

Also, make sure apps can’t install additional unknown apps without permission. This will prevent any apps from secretly installing hidden apps. On most new Android phones, this can be done by heading to Settings > Apps > Special access > Install unknown apps, then click on “Not allowed.”

Staying Safe From Flubot Malware

Malware isn’t going away any time soon – in fact, it keeps evolving using more convincing and complicated tactics. The only way to stay ahead of criminals is to be vigilant and prepared. By staying up to date with recent developments like this one, thinking before clicking on any links, and using cybersecurity tools.

Exit mobile version