Cybercriminals Tricked Britons into Downloading Flubot Malware

 

Hackers are mimicking delivery services and sending phishing text messages to Britons in an attempt to get them to download the Flubot malware. It's capable of intercepting messages and stealing financial information. Three, one of the UK's most popular mobile networks, has issued a warning about a phishing scam that has reportedly affected all network operators. “Many people in the UK have been targeted with a text message that looks like it’s from a delivery service, or it may say that you’ve received a voicemail,” the company warned in a blog post.

The message instructs you to install an app in order to monitor a package or listen to voicemail. Some messages claim to be from DHL, Amazon, Asda, and Argos. If a victim is tricked into participating in the malicious campaign, the scammer has access to their entire Android smartphone. This includes the possibility of stealing credit card data and online banking login passwords. 

To evade detection, the attacker disables the Android OS's built-in protection and prevents the installation of many third-party security software packages, which many users would employ to remove unwanted malware. 

First, the victim receives an SMS message impersonating a well-known shipping logistics company, such as FedEx, DHL, or Correos. The message's call to action is for the user to click a link to download and install an app with the same familiar branding as the SMS message, but which is actually harmful and contains the FluBot malware.

FluBot, once installed and given the necessary rights, unleashes a slew of features, including SMS spamming, credit card and banking credential theft, and spyware. The contact list is taken from the device and sent to the threat actor's servers, giving them access to more personal information and allowing them to launch new attacks on other potential victims. 

SMS and notifications from telecom carriers can be intercepted, browser sites can be visited, and overlays can be presented to capture credentials. To prevent detection by the operating system's built-in security, the malicious app also disables Google Play Protect. 

According to Three, this fraud attack has impacted all network operators. Despite the fact that the majority of messages were blocked, a tiny number of Three subscribers may have received them. As a result, the company advises staying aware and being cautious when clicking on any links sent by text message. 

“If your device has been infected with the Flubot malware, you may have been charged for text messages over your plan. If so, we’ll arrange a refund for you as soon as possible,” the company stated.