Source: MIL-OSI Submissions
The threats people face online continue to change and evolve. Researchers at NortonLifeLock have been tracking one such threat, FluBot, since it first began its spread across Europe in April 2021. This mobile malware infects and steals data from the phones of unsuspecting victims, highlighting the importance of downloading comprehensive security to help keep devices and data safe.
What is FluBot?
The malware of the moment, grabbing the headlines, is the aptly named: FluBot. It’s a banking trojan, which means it’s designed to appear legitimate to the receiver. It sends SMS messages to unsuspecting targets, claiming that they missed a call or have a new voicemail, on some occasions impersonating well-known institutions, like trusted parcel delivery services or banks. Once someone unsuspectingly clicks on the link, they’ve unfortunately given FluBot access to their phone and data. Now installed, it will access all the personal information it can gather – passwords, banking information, credit card details and it can even steal the phone’s contacts details to spread to other phones.
While mostly targeting Android devices, iOS users are not exempt from receiving a malicious FluBot SMS. The good thing: iOS apps can normally only be downloaded via the official Apple App store which makes it much harder for the malware to land on iPhones and iPads. Android users on the other hand need to be more careful as the app will install itself on phones that have enabled sideloading – meaning that their owners allow the installation from apps outside of the Google Play store.
How does FluBot work exactly?
The successful spread of this malware can be attributed to its distribution and timing, as a direct result of the impact of the COVID-19 pandemic on people’s digital lives.
The cyber criminals first step is to send an SMS to thousands of mobile devices. It could be an SMS advising that you’ve received a voicemail, detailing a specific time and date for the missed call and asking you to “click the link” to access the recording. The other common ruse is to encourage you to click a link so you can apparently see the location of your parcel. Due to COVID-19, more people than ever are using online shops to buy their goods, so receiving a parcel tracking link appears very plausible.
The links and SMS are disguised to appear as though they come from a familiar and trusted company. However once clicked, they redirect the victim to a webpage. The webpage is designed to look legitimate to encourage the victim to believe they’ve been brought to the official company website. A popup prompt will appear and ask the victim to download and install an app. This is a malicious app and can be highly dangerous for your personal data. The disguised app will most likely ask for accessibility permissions, in order to grant itself even more permissions.
At that point, the malicious app is now active, armed, and running in the background of the victim’s smartphone.
Spreading further by accessing the phone’s contact list
Gathering all the sensitive information it can get
FluBot has yet another goal - monitoring which apps the victim opens. If it recognizes a target app, the malware jumps into action by serving overlays that look like the real thing, but these are designed to collect the victim’s data. The final step is to send all the collected user details back to the cybercriminals.
What can you do to help protect yourself against FluBot?
It’s worth maintaining good mobile hygiene – keep your devices updated with the latest operating system, use strong passwords combined with multi-factor authentication and of course, use comprehensive security to help keep your devices and data safe. That’s where Norton Mobile Security can help, as it alerts and helps defend against FluBot.
If you are on an Android device, disable “Install Unknown Apps”. A lot of malicious apps find their way on your phone outside of the official Google Play store, but from unknown sources. While it might be tempting to install the occasional app that you can’t find in the official app store, if you’re willing to take the risk and trust the source, make sure to disable the feature again afterwards, to reduce any ongoing security risk.
Never open links that seem suspicious. Check to make sure that the mail is really from the sender it claims to be. If it promises things that seem to be too good to be true, they probably are.
Don’t grant apps broad permissions, only let them access what they need to function. Avoid any apps that ask for more data than necessary. As can be seen in the FluBot case, broad permissions can lead to the malware being able to perform their unwanted tasks and spread themselves further.
Get Protection for your mobile device with Norton Mobile Security.
Norton Mobile Security has your back
Norton Mobile Security includes SMS Security designed to help keep your device safe from suspicious texts with phishing links. This feature actively helps identify SMS text messages with unsafe links and moves them to your junk or unknown sender folder, to help prevent you from inadvertently clicking on them and potentially putting your personal information at risk.