Security News > 2022 > January > FluBot malware now targets Europe posing as Flash Player app
The widely distributed FluBot malware continues to evolve, with new campaigns distributing the malware as Flash Player and the developers adding new features.
Once in the device, FluBot can steal online banking credentials, send or intercept SMS messages, and capture screenshots.
MalwareHunterTeam told BleepingComputer that new FluBot campaigns are distributed using SMS texts asking the recipient if they intended to upload a video from their device.
When recipients click on the included link, they are brought to a page offering a fake Flash Player APK [VirusTotal] that installs the FluBot malware on the Android device.
On the communication side, the new FluBot now connects to the C2 through DNS tunneling over HTTPS, whereas previously, it used direct HTTPS port 443.
In summary, FluBot hasn't deprecated any commands used in previous versions and only enriched its capabilities with new ones.