Security News > 2021 > April > FluBot Android Malware Expected to Start Targeting U.S.

FluBot Android Malware Expected to Start Targeting U.S.
2021-04-29 11:27

The FluBot Android malware is spreading fast across Europe using an SMS package delivery scheme and it's soon expected to arrive in the United States as well, cybersecurity company Proofpoint warned this week.

Initially observed in Spain, FluBot has since expanded operations to reach Germany, Hungary, Italy, Poland, and the UK as well, with tens of thousands of malicious SMS messages that leverage FedEx, DHL, and Correos lures being sent hourly.

The malware is believed to have made over 7,000 victims in the UK alone, where the campaign operators were using more than 700 unique domains for the distribution of FluBot.

Once it has received the necessary permissions, FluBot gains access to the entire device, acting "As spyware, SMS spammer, and credit card and banking credential stealers," Proofpoint explains.

FluBot also sends the victim's contact list to the command and control server, to spread further, and can intercept SMS messages, USSD messages from service providers, and app notifications.

The malware can display overlays for various banking apps, as well as for Google Play verification, and can validate captured credit card numbers locally and only then send them to the C&C. "FluBot is likely to continue to spread at a fairly rapid rate, moving methodically from country to country via a conscious effort by the threat actors. As long as there are users willing to trust an unexpected SMS message and follow the threat actors' provided instructions and prompts, campaigns such as these will be successful," Proofpoint concludes.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/M0eGLRqXcwM/flubot-android-malware-expected-start-targeting-us