Tag Archive for: Flubot

Finland Fending Off FluBot Malware, Again


The Finnish National Cyber Security Centre (NCSC-FI) has issued a warning to citizens about the current version of the FluBot malware campaign which is affecting “tens of thousands of people in Finland.”

The malware campaign leverages SMS by sending out numerous text messages, according to NCSC-FI. The messages, all of which are written in Finnish, use different verbiage.

A telltale way to identify the messages as illegitimate is to look at the alphabet used in the creation of the messages; they are missing certain Scandinavian letters (å, ä and ö) and include symbols in odd places. The analysis by the NCSC-FI is that the insertion of these symbols is by design—to make it difficult for telecom operators to filter out the FluBot SMS messages.

While the individual message text may vary, the underlying theme and the socially engineered “hook” is that the recipient has received a voicemail. Clicking on an included link will prompt them to allow installation of an app onto their device to listen to the fake voicemail; if they allow it, the malware is then installed.

The NCSC-FI advises that the malware, once in place, steals the individual’s data and also sends additional “malware-spreading scam messages.”

Déjà FluBot

This is not the first instance of the FluBot malware appearing in Finland. The June 2021 campaign saw thousands of victims falling for the scam. Back in June, the hook was that the recipient had a “package awaiting delivery” and the link ostensibly took the user to a package tracking site.

The current campaign is targeting Android devices with a mobile subscription from a local telecommunications operator. Apple device owners are redirected to another website controlled by the cybercriminals.

Antti Turunen, head of anti-fraud at Telia, said this instance of FluBot is worse than the summer campaign. Teemu Makela, chief information security officer (CISO) at Elisa Oyj, added, “The malware attack is highly unusual and very alarming. A significant number of text messages are passing through. It is estimated [that] millions of SMS messages are passing through the various mobile service providers with Telia indicating it had intercepted several hundred…

Source…

Android Flubot virus now spreads via fake security updates


The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates warning them of Flubot infections.

“Your device is infected with the FluBot® malware. Android has detected that your device has been infected,” the new Flubot installation page says. “FluBot is an Android spyware that aims to steal financial login and password data from your device. You must install an Android security update to remove FluBot.”

As New Zealand’s computer emergency response team (CERT NZ) warned earlier today, the message on Flubot’s new installation page is only a lure designed to instill a sense of urgency and push potential targets to install malicious apps.

Potential victims are also instructed to enable the installation of unknown apps if they’re warned that the malicious app cannot be installed on their device. “If you are seeing this page, it does not mean you are infected with Flubot however if you follow the false instructions from this page, it WILL infect your device,” CERT NZ explained.

This banking malware (also known as Cabassous and Fedex Banker) has been active since late 2020, and has been used to steal banking credentials, payment information, text messages, and contacts from compromised devices.

The SMS messages used to redirect targets to this installation page are about pending or missed parcel deliveries or stolen photos uploaded online.

Until now, Flubot spread to other Android phones by spamming text messages to contacts stolen from already infected devices and instructing the targets to install malware-ridden apps in the form of APKs delivered via attacker-controlled servers.

Once deployed via SMS and phishing, the malware will try to trick the victims into giving additional permissions on the phone and granting access to the Android Accessibility service, which allows it to hide and execute malicious tasks in the background.

Flubot will effectively take over the infected device, gaining access to the victims’ payment and banking info in the process via…

Source…

Got this Flubot malware warning on your Android phone? Beware, it’s a trap


The infamous Flubot malware is back and hackers have found new ways to infect Android phones with the virus. Cybercriminals are sending messages warning users that their phone has been infected with the dangerous malware or suffered a data breach. These messages are fake. The users are then asked to click on a link to take action against the virus, but it is actually meant to install the malware on their devices.

Earlier the Flubot malware used to send text messages to users with a link to listen to their voicemail. The message has now been changing frequently to confuse people and trick them into allowing the malware to enter their device.

A month ago, cyber security firm Trend Micro tricked users by offering fake voicemail applications. The text messages they would send contained a link that took users to a website that looked like it was run by a telecom operator. But they were actually allowing the malware to infect their phones.

Now, the Computer Emergency Response Team of New Zealand (CERT NZ) has discovered that the hackers are changing the text messages that dupe users into installing Flubot. The messages sent to Android phone users have been changing rapidly, from package delivery alerts to warnings that Flubot has infected their devices.

The latest update by CERT NZ shows the messages claiming that photos of the recipient have been uploaded and that they can be viewed by clicking on the attached link.

Source…

Flubot Android malware now spreads via fake security updates


The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates warning them of Flubot infections.

As New Zealand’s computer emergency response team (CERT NZ) warned earlier today, the message on Flubot’s new installation page is only a lure designed to instill a sense of urgency and push potential targets to install malicious apps.

“Your device is infected with the FluBot® malware. Android has detected that your device has been infected,” the new Flubot installation page says.

“FluBot is an Android spyware that aims to steal financial login and password data from your device. You must install an Android security update to remove FluBot.”

Potential victims are also instructed to enable the installation of unknown apps if they’re warned that the malicious app cannot be installed on their device.

“If you are seeing this page, it does not mean you are infected with Flubot however if you follow the false instructions from this page, it WILL infect your device,” CERT NZ explained.

The SMS messages used to redirect targets to this installation page are about pending or missed parcel deliveries or stolen photos uploaded online.

This banking malware (also known as Cabassous and Fedex Banker) has been active since late 2020, and has been used to steal banking credentials, payment information, text messages, and contacts from compromised devices.

Until now, Flubot spread to other Android phones by spamming text messages to contacts stolen from already infected devices and instructing the targets to install malware-ridden apps in the form of APKs delivered via attacker-controlled servers.

Once deployed via SMS and phishing, the malware will try to trick the victims into giving additional permissions on the phone and granting access to the Android Accessibility service, which allows it to hide and execute malicious tasks in the background.

Flubot will effectively take over the infected device, gaining access to the victims’ payment and banking info in the process via a downloaded webview phishing page overlaid on top of legitimate mobile banking and…

Source…