The FluBot Android malware is spreading fast across Europe using an SMS package delivery scheme and it’s soon expected to arrive in the United States as well, cybersecurity company Proofpoint warned this week.
Initially observed in Spain, FluBot has since expanded operations to reach Germany, Hungary, Italy, Poland, and the UK as well, with tens of thousands of malicious SMS messages that leverage FedEx, DHL, and Correos lures being sent hourly.
The malware is believed to have made over 7,000 victims in the UK alone, where the campaign operators were using more than 700 unique domains for the distribution of FluBot.
Proofpoint says that U.S. users have already started receiving German and English-language phishing SMS messages, suggesting that the threat actor is getting ready to expand to this country. The pattern is similar to how the attacks started in the UK, where users first received German messages and only then English ones.
The attack starts with the victim receiving a SMS message supposedly arriving from a delivery service, which includes links to compromised sites. When clicking the link, the victim is prompted to download a malicious app featuring the delivery service’s logo, but which has FluBot embedded within.
The application requires user interaction to gain privileges to use Android Accessibility Service, as well as for Notification access. Once it has received the necessary permissions, FluBot gains access to the entire device, acting “as spyware, SMS spammer, and credit card and banking credential stealers,” Proofpoint explains.
FluBot also sends the victim’s contact list to the command and control (C&C) server, to spread further, and can intercept SMS messages, USSD messages from service providers, ..
Support the originator by clicking the read the rest link below.
