If you were surprised to see a prompt for Flash (opens in new tab) Player update on your phone, thinking the poor thing died years ago - you’re right. It did die, and the “update” that’s been making rounds online is actually an attempt to get gullible people to install malware onto the endpoints (opens in new tab).
Cybersecurity researchers from MalwareHunterTeam have spotted an SMS phishing campaign targeting Android users. In that campaign, the target would receive an SMS message saying that video upload that they initiated couldn’t be completed without an update to the Flash Player. The same SMS message also provides a link where the “update” ca be found.
However, instead of the actual update, the victims would download the FluBot malware (opens in new tab) - an Android banking trojan that steals login information by overlaying many global banks.
Downloading Android apps from trusted sources
Besides stealing the users’ online identity, FluBot also accesses the device’s contact list and sends out the same message to as many people as possible
It’s been exactly a year since Flash Player was pronounced dead and was no longer available for download. FluBot, on the other hand, gets regular updates. The most recent one, according to the report, was published “only a few days ago”.
In this version (5.2), the Domain Generation Algorithm (DGA) system generates many new Command and Control (C2) domains on the spot. That way, it is able to circumvent many security measures, such as the DNS blocklist. The newest version now uses 30 top-level domains, compared to three, used in previous versions.
All Android devices come with a simple security measure - they don’t allow any APKs to be installed from anywhere else but the Play Store. Users who decide to turn this feature off and wish to install APKs from elsewhere across the web, should make sure they’re downloading from trusted sources.
- You might also want to check out our list of the best firewalls right now
Via: BleepingComputer (opens in new tab)