Beware Flubot! It’s stealing data on Android devices
PARIS: Beware of malware by the name of Flubot (or Cabassous), which is out to steal user data on Android devices.
This malicious software programme is spread via a link in an SMS telling users they’ve missed a package delivery.
In the UK, Germany and Spain, this spyware is causing concern among authorities.
Make sure you double (or triple) check before clicking any links on your cell phone.
This advice can’t be repeated enough, but malware attacks, seeking to steal user data are on the rise, and they’re increasingly discreet and cunning.
In the case of Flubot, the spyware is installed when users receive a text message alerting them to a missed package delivery, and poses as a parcel-tracking application (like DHL, FedEx or UPS).
When a user clicks on the link to download the app, going back can prove tricky.
In fact, the program can instantly steal passwords and other data from smartphones.
Plus, it spreads like an infection, accessing user contacts to in turn send them scam messages, creating an almost infinite cycle of malicious SMS.
To escape its grips, the UK’s National Cyber Security Centre recommends that users who click the link to download the application should perform a factory reset as soon as possible.
While iOS users are less affected (the spyware doesn’t exist for iOS, although the scam website could still steal personal data), Android users are specifically at risk.
When someone using an Android smartphone clicks on the link in the SMS, they are directed to a page “explaining” how to install the supposed package tracking application, using something called an APK file.
APK files are a way of installing Android apps without using the secure Google Play Store.
By default, these applications are blocked for security reasons, but the scam webpage features instructions on how to authorise installation. iPhone users cannot install Android APK files.
The network operator Vodafone UK said that millions of messages had already been sent, across all networks.
“We believe this current wave of Flubot malware SMS attacks will gain serious traction very quickly, and it’s something that needs awareness to stop the spread,” said a Vodafone spokesperson.
A criminal network of international scale
But this spyware isn’t new. Back in March, police in Spain broke up a criminal network in Barcelona.
After these arrests, other users of the program launched malware campaigns in Germany, the UK and Japan. In fact, for the authorities, this is a particularly tricky problem to solve, as the spyware isn’t used by just one network.
Instead, it’s made available by its creators, then “distributed” to malicious individuals. This is what is known as a MaaS (Malware as a Service), allowing anyone to pay to make use of malware programs.
The spyware appears to be regularly updated and is being readied for future attacks, notably in countries like Italy, Norway, Sweden, the Netherlands and Poland.
In the UK and in Germany, cybersecurity and IT security services have issued alerts warning users about fraudulent SMS messages.
According to certain experts, Flubot is likely to continue to spread at a sustained rate, rapidly moving from one country to another.