Flubot, a new Android malware is spreading across Europe in countries suchas Spain,United Kingdom, Germany, Italy etc. FluBot steals your online account passwords and login information, as well as your personal information and banking information. Payments, account takeovers and online identity theft are the consequences of Flubot. FluBot also spreads itself by sending SMS messages to new victims.
FluBot has so far been detected mostly in European countries. It’s likely to spread also to the rest of the world if the threat actors behind it aren’t stopped.
Here’s how FluBot works:
A phishing link is included in an SMS message sent by an infected device. The mail purports to have been sent by DHL, UPS, FedEx, Correos, or Amazon, among other well-known delivery services.
The message tells the recipient that an item is on its way and encourages them to download a tracking programme to determine the delivery time. The victim downloads malware disguised as the delivery company’s name and logo after clicking on the offered link.
The “tracking app,” which is actually FluBot, requests for accessibility permissions after being downloaded. If permission is granted, the virus gains more app permissions and becomes a system app. Then it can start its work.
How to stay safe from FluBot and other mobile malware
There is no way about it: mobile phones are not immune to cyber-attacks. Malware, phishing, unsafe networks, and other mobile phone risks exist as well. FluBot is one of the most recent cyber-threats.
Here are a few things you can do to keep your phone and digital life safe when on the go.
1.Use antivirus for mobile devices
Malware targeted at mobile devices is becoming increasingly prevalent. While malware is unlikely to spread through official app stores, infection can come from other places. F-Secure SAFE is an Android security app that helps you keep your phone safe from infection. It also protects your online banking and shopping.
2.Don’t open suspicious links
Always check the sender’s email address.Most mobile email apps only show the sender’s name, not their address, due to the restricted screen space. Mobile devices are increasingly utilised on the go, making phishing scams simpler to fall for. Do not click on any questionable links. Keep in mind that no legitimate company or authority will request personal information by email or SMS.
3. Avoid shady apps
While there is no clear method to distinguish a malicious app from a legitimate one, consider what you use it for. It’s pointless to buy something if it’s not required. If it doesn’t work for you, get rid of it right away. You don’t need a separate app to track packages because you can usually do so on the carrier’s website. Don’t download software from unauthorised appstores, and remember that enabling the “Install from Unknown Sources” option isn’t a good idea.
4. Don’t give apps unnecessary permissions
Granting app rights can enable malware and other suspicious apps to perform dangerous operations, as in the instance of FluBot. It may also result in data loss. Always think about the permissions you give apps. What are they supposed to do with them?
If you receive an unknown or unexpected SMS message with a clickable link, delete the message instead of clicking the link. If the virus has been placed on a device and banking or other activity has occurred following the installation, contact the companies responsible as soon as possible to stop access and, if required, change passwords, making sure they are unique and strong.
Users of Android devices should be on the lookout for odd messages and install security software to prevent such dangerous apps from ever reaching their devices.