FluBot, the malware that pretends to be antimalware to infect you

Hackers never rest and are always looking for new methods to harvest victims. A clear example of this is the reinvention of the dangerous FluBot malware, which now uses a unique method to infect Android mobile devices with the aim of stealing banking information.

According to security researchers at Cert NZ, the malware now arrives via text messages. A package delivery or some photos to download are the new lures used. In both cases there is a link attached.

When the user opens the link, he is redirected to a fake page. The page either invites the user to download an application to track the package, or displays a fake warning that the device has been infected by FluBot. In the second case, it recommends downloading software to remove the malware.

The truth is that up to that point the user has not yet been infected, and this is a strategy to trick him into installing a malicious application that will infect his device. If you fall into the trap and decide to install the recommended application, you will be prompted to enable installation of unknown apps.

If you continue with the installation of the malicious app, Android may display a warning. This will say that an attempt is being made to install an app from an unidentified developer. If the user chooses to ignore the warning, the installation will continue and the malicious app will ask for access to a variety of permissions.

Credit: Cert NZ

FluBot malware takes control of your phone

Once those permissions are granted, the FluBot malware will be able to access the call log, read and send SMS, access the phonebook, run in the background, and disable battery optimization to avoid being shut down. In addition, it will be able to overlay other applications, enter commands and read screen content.

With all that ability to control the phone, the FluBot malware will be able to steal sensitive personal information. By recording the screen, it can, for example, capture data entered into a banking app.
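The capabilities listed above correspond to permissions an app declares in its manifest, so a decoded `AndroidManifest.xml` can be checked for that combination before an app is trusted. The following is an added example, not code from Cert NZ or the article: the permission names are the standard Android ones, while the capability mapping, the risk rule and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Capability named in the article -> Android permissions that grant it (mapping assumed here).
CAPABILITIES = {
    "call log": {P + "READ_CALL_LOG"},
    "read SMS": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "send SMS": {P + "SEND_SMS"},
    "phonebook": {P + "READ_CONTACTS"},
    "run in background": {P + "FOREGROUND_SERVICE", P + "RECEIVE_BOOT_COMPLETED"},
    "skip battery optimization": {P + "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"},
    "overlay other apps": {P + "SYSTEM_ALERT_WINDOW"},
}
ACCESSIBILITY = P + "BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifest (decoded XML, as a tool like apktool emits); not a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.tracker">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return the set of article-described capabilities the manifest would allow."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    found = {cap for cap, perms in CAPABILITIES.items() if perms & requested}
    # Accessibility is declared on a <service> element, not via <uses-permission>.
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == ACCESSIBILITY:
            found.add("read screen / enter commands")
    return found

def is_high_risk(found):
    # Illustrative rule (an assumption): ability to send SMS plus screen reading
    # or overlays matches the self-spreading, data-capturing profile described.
    spreads = "send SMS" in found
    captures = bool(found & {"read screen / enter commands", "overlay other apps"})
    return spreads and captures

if __name__ == "__main__":
    found = audit_manifest(SAMPLE_MANIFEST)
    print(sorted(found), "HIGH RISK" if is_high_risk(found) else "ok")
```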

As Cert NZ points out, the initial SMS is most likely to arrive from a known contact. This is because the malware, when it takes control of the smartphone, gains the ability to resend itself. iPhone users, while they may receive the message, cannot be infected, as the malicious app is intended for Android.