FluBot, The Mobile Phone Spreading Around The Globe, Infecting Phones And Stealing Data
The threats people face online continue to change and evolve. Researchers at NortonLifeLock have been tracking one such threat, FluBot, since it first began its spread across Europe in April 2021. This mobile malware infects and steals data from the phones of unsuspecting victims, highlighting the importance of downloading comprehensive security to help keep devices and data safe.
The malware of the moment, grabbing the headlines, is the aptly named:FluBot. It’s a banking trojan, which means it’s designed to appear legitimate to the receiver. It sends SMS messages to unsuspecting targets, claiming that they missed a call or have a newvoicemail, on some occasions impersonating well-known institutions, like trusted parcel delivery services or banks. Once someone unsuspectingly clicks on the link, they’ve unfortunately given FluBot access to their phone and data. Now installed, it willaccess all the personal information it can gather – passwords, banking information, credit card details and it can even steal the phone’s contacts details tospread to other phones.
While mostly targeting Android devices,iOS users are not exempt from receiving amaliciousFluBotSMS.The good thing: iOS apps can normally only be downloaded via the official Apple App store which makes it much harder for the malware to land on iPhones and iPads.Android users on the other hand need to be morecareful as the appwill install itself on phones that have enabled sideloading – meaning that their owners allow the installation from apps outside of the Google Play store.
How doesFluBotwork exactly?
The successful spread ofthismalwarecan be attributed to its distribution and timing, as a direct result of the impact of the COVID-19 pandemic on people’s digital lives.
- The cyber criminals first step is to sendan SMSto thousands of mobile devices. It could be an SMS advising that you’ve received a voicemail, detailing a specific time and date for the missed call and asking you to “click the link” to access the recording. The other common ruse is to encourage you to click a link so you can apparently see the location of your parcel. Due to COVID-19, more people than ever are using online shops to buy their goods, so receiving a parcel tracking link appears very plausible.
- The links and SMS are disguised to appear as though they come from a familiar and trusted company. However once clicked, they redirect the victim to a webpage. The webpage is designed to look legitimate to encourage the victim to believe they’ve been brought to the official company website. A popup prompt will appear and ask the victim to download and install anapp. This is a malicious app and can be highly dangerous for your personal data. Thedisguised appwillmost likelyaskforaccessibilitypermissions,in order togrant itself even more permissions.
- At that point, the malicious app is now active, armed, and running in the background of the victim’s smartphone.
It willnow start doing the following:
- Spreading further by accessing the phone’scontact list
- Gathering all the sensitive information it can get
FluBot has yet another goal -monitoringwhich apps the victim opens. Ifitrecognizes a target app, the malware jumps into action by serving overlays that look like the real thing, but these are designed to collect the victim’s data.Thefinal stepis to send all the collected user details back to the cybercriminals.
What can you do to help protect yourself againstFluBot?
It’s worth maintaining good mobile hygiene – keep your devices updated with the latest operating system, use strong passwords combined with multi-factor authentication and of course, use comprehensive security to help keep your devices and data safe. That’s where Norton Mobile Security can help, as it alerts and helps defend against FluBot.
- If you are on an Android device, disable “Install Unknown Apps”.A lot of malicious apps find their way on your phone outside of the official Google Play store, but from unknownsources. While it might be tempting to install the occasional app that youcan’tfind in theofficialapp store, if you’re willing to take the risk and trust the source, make sure to disable the feature again afterwards, to reduce any ongoing security risk.
- Never open links that seem suspicious.Check to make sure that the mail is really from the sender it claims to be. If it promises things thatseem to betoo good to betrue,theyprobably are.
- Don’tgrant apps broad permissions, only let them access what they need to function. Avoid any apps that ask for more data than necessary.As can be seen in theFluBotcase, broad permissions can lead to the malware being able to perform their unwanted tasks and spread themselves further.
- Get Protection for your mobile devicewithNorton Mobile Security.
Norton Mobile Securityhas your back
Norton Mobile Security includes SMS Security designed to help keep your device safe from suspicious texts with phishing links. This feature activelyhelps identifySMS text messages with unsafe links and moves them to your junk or unknown sender folder, to help prevent you from inadvertently clicking on them and potentially putting your personal information at risk.