FluBot Financial Malware

Flubot malware sends text messages to both Androids and iPhones. There are a large number of different types of Flubot text messages and scammers are updating them all the time.

In Finland, the FluBot malware campaign has been activated again. This malware steals data from the user’s device and is distributed via SMS and MMS.

The FluBot Malware

The FluBot campaign, which sends scam messages, was last seen in Finland in December 2021. Experts say, in this campaign, malware is also spreading through multimedia messages (MMS).

FluBot operators use SMS messages claiming to contain links to voicemail, missed call notifications, or alerts about incoming money from an unknown financial transaction. This malware appear to steal financial account credentials of its victims by overlaying phishing pages on top of the legitimate banking and cryptocurrency applications.

The report says, in messages the words would have been broken with spaces. No malware is distributed to iPhone users, but they are redirected from scam messages to subscription messages and other scams.

The subject of a message that spreads malware may include an incoming voice message, a missed call, or a notification of an incoming transmission. Also, the user is asked to open the link in the message.

Upon clicking the link, the user is prompted to install the malware on a web page that opens behind the link. The malware request the user for their approval for installation. An effort is made to convince the user to disable the device security settings to install the malware.

Voicemail alert urging the user to download an app

Recommendations for Protection

It is recommended that links in scam messages should not be opened. Do not install applications from outside the app stores on the devices. If you have installed malware, take immediate action. The quickest way to fix this is to restore the contaminated device to factory settings.

If You Have Installed FluBot Malware on Your Device

  • Reset the device to factory settings. When restoring from a backup, make sure that the device is restored to the backup created before the malware was installed.
  • If you used a banking application or processed credit card information on an infected device, please contact your bank.
  • Report a monetary loss.
  • Change passwords for services you have used on your infected device. The malware may have stolen your password if you logged in to the service after installing the malware.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.