New spyware spreads in several countries via an SMS signaling a missed delivery. Called FluBot, it targets Android smartphones and steals sensitive data such as passwords and banking information.
Watch out for text messages warning you of a missed delivery. This is most likely a fake message urging you to installsure known as FluBot, Cabassous or FedEx Banker. This is a campaign launched by several groups of cybercriminals in order to recover your and banking information. The problem has grown to such an extent in the UK that the (NCSC) posted a warning on its site.
More and more countries are affected by FluBot which was first spotted in December. Four people were arrested in Spain in early March, but sincehave launched SMS campaigns in several countries and the problem continues to grow. Fraudulent messages have been spotted in Europe as well as in Japan.
#Cabassous (#FluBot) actors are heavily developing new overlay targets and also performing an environmental checks (av) before it executing the banker payload. Interesting new countries and developments coming from this private group in such a short period of time. pic.twitter.com/0pWXHaMa1j
— ThreatFabric (@ThreatFabric) April 26, 2021
FluBot spreads thanks to a link sent by SMS
The user receives an SMS claiming to be from DHL, FedEx or another carrier, notifying themmissed or simply a parcel in . It also contains a link for tracking directing back to a fraudulent copy of the legitimate service’s site. The page then prompts the user to download a fake tracking file containing the malware. The app only works on Android, but the UK agency reports that iPhone users could be redirected to a page of .
For those who have already clicked on a link and installed the application, the NCSC simply advises toto factory settings and not to restore the . The agency also invites those who have received such an SMS to forward it to the reporting service of , i.e. 33 700 in France.