The FluBot Android malware attacks smartphones through spoofed text messages before using the infected devices to attack others.
In this time of a global pandemic, we can all see how a disease spreads quickly. A person infected with Covid-19 unintentionally infects other people who in turn will spread the virus despite themselves. The FluBot malware that plagues Android works similarly via using text messages.
The UK’s National Cyber Security Center (NCSC) has indeed sounded the alarm and urges everyone to be extremely careful. FluBot indeed seems to be spreading very quickly since it uses pirated smartphones to attack others, like a contagious disease.
Use the hacked smartphone to attack others
The people concerned receive a fraudulent SMS claiming to come from a delivery service such as DHL or Amazon. The message in question invites victims to click on a link to install an application to track the delivery of their packages. It is obviously a trap and the app thus installed turns out to be a vacuum cleaner of personal data accessing in particular banking information.
Once installed, FluBot obtains the necessary permissions to, among other things, access the contact directory. It is thanks to this that he can subsequently target other people using the same method.
Sites that encourage the installation of malware
The malware is also pernicious in the way it tricks victims into installing the application. The link contained in the fraudulent SMS indeed refers to a download web page. However, on Android, installing APK files from a web browser is not allowed by default. However, the bogus sites that victims are referred to are full of instructions on how to get around these restrictions.
As a reminder, installing an Android application from a website should be done if and only if you have full confidence in the source. If you have any doubts, prefer more classic application stores like the Play Store.