FluBot Financial Malware Delivered Through SMS and MMS

Flubot malware sends text messages to both Androids and iPhones. There are a large number of different types of Flubot text messages and scammers are updating them all the time.

In Finland, the FluBot malware campaign has been activated again. This malware steals data from the user’s device and is distributed via SMS and MMS.

The FluBot Malware

The FluBot campaign, which sends scam messages, was last seen in Finland in December 2021. Experts say, in this campaign, malware is also spreading through multimedia messages (MMS).

FluBot operators use SMS messages claiming to contain links to voicemail, missed call notifications, or alerts about incoming money from an unknown financial transaction. This malware appear to steal financial account credentials of its victims by overlaying phishing pages on top of the legitimate banking and cryptocurrency applications.

The report says, in messages the words would have been broken with spaces. No malware is distributed to iPhone users, but they are redirected from scam messages to subscription messages and other scams.

The subject of a message that spreads malware may include an incoming voice message, a missed call, or a notification of an incoming transmission. Also, the user is asked to open the link in the message.

Upon clicking the link, the user is prompted to install the malware on a web page that opens behind the link. The malware request the user for their approval for installation. An effort is made to convince the user to disable the device security settings to install the malware.

Voicemail alert urging the user to download an app

Recommendations for Protection

It is recommended that links in scam messages should not be opened. Do not install applications from outside the app stores on the devices. If you have installed malware, take immediate action. The quickest way to fix this is to restore the contaminated device to factory settings.

If You Have Installed FluBot Malware on Your Device

  • Reset the device to factory settings. When restoring from a backup, make sure that the device is restored to the backup created before the malware was installed.
  • If you used a banking application or processed credit card information on an infected device, please contact your bank.
  • Report a monetary loss.
  • Change passwords for services you have used on your infected device. The malware may have stolen your password if you logged in to the service after installing the malware.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.

Recent Posts

SSNDOB Marketplace Admin Jailed for Selling millions of Americans Data

In a resounding triumph for justice, U.S. District Judge Kathryn Kimball Mizelle has sentenced Vitalii…

11 hours ago

Is Your Online Store Hacked in a Carding Attack? Here’s an Action Plan to Protect

Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using…

14 hours ago

Google Researchers Find Out How ChatGPT Queries Can Collect Personal Data

The LLMs (Large Language Models) are evolving rapidly with continuous advancements in their research and…

14 hours ago

New Android Malware Employs Various Tactics to Deceive Malware Analyst

In the dynamic realm of mobile application security, cybercriminals employ ever more sophisticated forms of…

16 hours ago

DJvu Ransomware Mimic as Cracked Software to Compromise Computers

A recent campaign has been observed to be delivering DJvu ransomware through a loader that…

17 hours ago

Okta Hack: Threat Actors Downloaded all Customer Support System Users’ Data

In a pivotal update to the Okta security incident divulged in October 2023, Okta Security…

18 hours ago