Password-stealing malware spreads on Android

Watch out for text messages warning you of a missed delivery. This is most likely a fake message urging you to install spyware sure Android known as FluBot, Cabassous or FedEx Banker. This is a campaign launched by several groups of cybercriminals in order to recover your Passwords and banking information. The problem has grown to such an extent in the UK that the National Cyber Security Centre (NCSC) posted a warning on its site.

More and more countries are affected by FluBot which was first spotted in December. Four people were arrested in Spain in early March, but since other criminal groups have launched SMS campaigns in several countries and the problem continues to grow. Fraudulent messages have been spotted in Europe as well as in Japan.

FluBot spreads thanks to a link sent by SMS

The user receives an SMS claiming to be from DHL, FedEx or another carrier, notifying them a delivery missed or simply a parcel in transit. It also contains a link for tracking directing back to a fraudulent copy of the legitimate service’s site. The page then prompts the user to download a fake application tracking file containing the malware. The app only works on Android, but the UK agency reports that iPhone users could be redirected to a page of phishing.

For those who have already clicked on a link and installed the application, the NCSC simply advises to reset your smartphone to factory settings and not to restore the backup. The agency also invites those who have received such an SMS to forward it to the reporting service of spam, i.e. 33 700 in France.