How to Avoid FluBot Malware on Your Android

Can we, as a collective technology community, agree that fraud and malicious hacks are bad and shouldn’t be done anymore? Not? Okay, back to the reality where your Android phone is being attacked by yet another malware scam, and yet another nefarious tactic is being used. Here’s what you need to know about FluBot and how to keep your data safe.

A brief history of FluBot

FluBot is not a new threat, but it is definitely undergoing a renaissance. Malware first appeared in early 2021 , originating in Spain and spreading throughout the UK and the rest of Europe. It infects victims’ smartphones, starting with an SMS message, which is an official warning from the delivery company, informing the victim of the arrival of the package and prompting her to click a URL to track it.

A page will open prompting the user to download the package tracking application. The tracking app – surprise, surprise – turned out to be malicious, injecting dangerous malware into the smartphone that spied on the user’s actions on the smartphone. The goal, of course, was to steal your login details so that hackers could rob your bank accounts. How thoughtful.

FluBot has new tricks up its sleeve

Hackers like those behind FluBot thrive on ignorance and scams. Thus, they probably saw diminishing returns as affected regions of the world learned about malware; government agencies in countries covered by FluBot have warned citizens about Flubot by disclosing a type of message that primarily tries to trick users into downloading an issue.

So what do FluBot hackers do? They must develop. Just as the Inception team turned the brand’s attention to the nature of sleep , hackers are turning the world’s attention to FluBot. Now, when you click on a link in their malicious text messages, they pop up a pop-up warning that their phones are infected with FluBot. According to FluBot, the only way to uninstall FluBot is to download an “Android security update”. (Unsurprisingly, the Android Security Update is infected with FluBot.)

You can also see this pop-up as a warning that you have a special voicemail that you can only listen to through a specific application (this is not one of their most compelling ideas in my opinion). These schemes are distributed all over the world; CERT NZ, a New Zealand Computer Emergency Response Team, recently published an excellent blog post on the topic for its citizens , but it applies to anyone who might come across a FluBot scam.

How to prevent your smartphone from getting infected by FluBot

First, and most obviously, do not follow these links. As a rule, do not follow strange links, for example, with a request to track a package that you did not order. These are simply cybersecurity best practices; always check the validity of a link before opening it, whether on a smartphone, tablet or computer. Please note that FluBot only affects Android phones; iPhone can receive a message and open a popup, but the app cannot be installed on iOS.

You can also make sure that your Android apps cannot install additional unknown apps without your permission. This will prevent apps like FluBot from penetrating your device. For Android 8 or later, go to Settings> Apps> Special Access> Install Unknown Apps , then make sure your apps are set to Not Allowed . If any application says Allowed , switch it to Not Allowed . For Android 7 or earlier, go to Settings> Security (or Lock Screen & Security ) and make sure Unknown Sources is turned off.

If you’ve followed the link in the text message but haven’t downloaded any apps, the good news is that there is no risk at this time. It is our understanding that FluBot is only effective after you actually download the app linked to the link in the popup; the link in the SMS will just take you to the popup, so the process itself shouldn’t infect your phone with malware. However, CERT NZ recommends that you change your passwords if you actually clicked on this SMS link, just in case.

And okay, let’s say you made a selection for a link in the popup, and you loaded the hidden FluBot app inside it. Do not panic. Factory reset your phone to completely remove any traces of FluBot on your device, or restore from a backup made before downloading the FluBot app. Then change all passwords for your connected accounts. You will also want to contact your bank to make sure there has been no suspicious activity on your account. And never click or click on any unexpected links again.

[ Tom’s Guide ]

More…

Leave a Reply