FluBot banking malware is spreading like wildfire over SMS

Phone malware
(Image credit: Shutterstock)

Authorities in Finland are warning that the FluBot Android malware is once again being distributed by SMS to users in the country.

Finland's National Cyber Security Center (NCSC-FI) recently put out an alert that scam messages are being sent out with the hope that unsuspecting users will click on a link contained within them. Clicking on this link takes them to a website that requests permission to install a malicious application that is used to deliver the FluBot malware to their Android smartphones.

A similar campaign occurred over the summer and at that time, the NCSC-FI also sent out an alert warning users of the dangers posed by FluBot.

In its most recent alert, the NSCS-FI explained how Finnish users can easily spot these scam messages to avoid falling victim to this latest FluBot campaign, saying:

“The FluBot campaigns employs numerous different text messages with different wordings and links. The messages are written in Finnish. They are written without Scandinavian letters (å, ä and ö) and include, for example, the characters +, /, &, % and @ in illogical places in the text to make it more difficult for telecommunications operators to filter the messages.”

Switching back to SMS

According to the NCSC-FI, around 70k of these scam messages were detected over a 24-hour period and a voicemail message or a message from a user's mobile operator was used as a lure to entice people to click on the link contained in the messages.

If a user fell for the scam, clicked on the link and had their device infected with FluBot, the agency recommends that they perform a factory reset of their device to remove the malware. Alternatively, iPhone users that received these scam messages should also avoid clicking on any links they contain as they redirect to fraud and phishing sites as opposed to prompting a user to install an app.

Once installed on an Android device, FluBot is able to access their contacts, send out spam texts to other users, read messages, steal credit card details and passwords typed into apps, install additional applications and perform other malicious activities.

While FluBot has primarily been spread using SMS, a recent campaign from the creators of the malware used fake Android security updates to trick potential victims to installing it themselves. This allowed the malware to avoid detection but in this latest campaign, the use of characters such as “+, /, &, % and @” in the message text is making it more difficult for mobile carriers to filter these messages so that they aren't delivered to their customers' smartphones.

We've also featured the best malware removal software, best ransomware protection and best antivirus

Via The Register

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.