A password thief malware is spreading on Android

A new spyware spreads in several countries via an SMS reporting a missed delivery. Dubbed FluBot, it targets Android smartphones and steals sensitive data like passwords and banking information.

Watch out for text messages warning you of a missed delivery. This is most likely a false message prompting you to install spyware on Android known as FluBot, Cabassous or FedEx Banker. This is a campaign launched by several groups of cybercriminals to retrieve your passwords and banking information. The problem has become so widespread in the UK that the National Cyber Security Centre (NCSC) has posted a warning on its website.

More and more countries are affected by FluBot, which was first spotted in December. Four people were arrested in Spain in early March, but since then other criminal groups have launched SMS campaigns in several countries and the problem continues to grow. Fraudulent messages have been detected in Europe as well as in Japan.

#Cabassous (#FluBot) actors are heavily developing new overlay targets and also performing an environmental checks (av) before it executing the banker payload. Interesting new countries and developments coming from this private group in such a short period of time. pic.twitter.com/0pWXHaMa1j

— ThreatFabric (@ThreatFabric) April 26, 2021

FluBot spreads through a link sent by SMS

The user receives a text message claiming to be from DHL, FedEx or another carrier, reporting a missed delivery or simply a package in transit. It also contains a link for tracking back to a fraudulent copy of the legitimate service site. The page then prompts the user to download a fake tracking application containing the malware. The app only works on Android, but the UK agency reports that iPhone users could be redirected to a phishing page.

For those who have already clicked on a link and installed the application, the NCSC recommends simply to reset its smartphone to factory settings and not to restore the backup. The agency also invites those who have received such an SMS to transfer it to the spam reporting service

Add Comment