
FluBot has been around for a while now. Because the malware is so dangerous and so effective, it keeps coming back with new and improved techniques. Finland is now getting a revisit from the hackers behind the malware, which is spreading at a rapid pace.

FluBot is an Android malware that uses smishing techniques to trick users into providing sensitive financial details. It places layers over actual transaction pages, making users believe they are carrying out a legitimate transaction. It also gets at personal information by sending parcel delivery alerts, voicemails and text messages that prompt users to install applications in order to access information presented as critical. Once installed, the malware can access all the information on the device that is used for financial transactions.
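The lure pattern described above (a link combined with a parcel or voicemail theme, or a prompt to install an application) can be checked mechanically by a message filter. The following is an added example, not code from the original article; the keyword lists, the thresholds and the name `triage_sms` are assumptions, and the sample messages are constructed.

```python
import re

# Assumption: illustrative keyword lists based on the lures the article names
# (parcel delivery alerts, voicemails, prompts to install an application).
LURES = {
    "parcel": re.compile(r"\b(parcel|package|delivery|shipment)\b", re.I),
    "voicemail": re.compile(r"\b(voicemail|voice message|missed call)\b", re.I),
}
INSTALL = re.compile(
    r"\b(install|download)\b.*\b(app|application)\b"
    r"|\b(app|application)\b.*\b(install|download)\b", re.I | re.S)
URL = re.compile(r"https?://[^\s<>\"]+", re.I)


def triage_sms(body):
    """Return (verdict, reasons) for one SMS/MMS text body."""
    reasons = []
    urls = URL.findall(body)
    if urls:
        reasons.append("contains link")
    themes = [name for name, rx in LURES.items() if rx.search(body)]
    reasons += [f"{t} lure" for t in themes]
    wants_install = bool(INSTALL.search(body))
    if wants_install:
        reasons.append("asks to install an app")
    # Ignore any query string when checking what the link points to.
    if any(u.lower().split("?")[0].endswith(".apk") for u in urls):
        reasons.append("link points to an APK file")
    # A link alone is common in legitimate texts; the combination of a link
    # with a lure theme or an install prompt is what gets flagged.
    if urls and (themes or wants_install):
        return ("block" if len(reasons) >= 3 else "warn"), reasons
    return "allow", reasons


# Constructed sample messages (reserved example domains, not real indicators).
SAMPLES = [
    "Your parcel is on its way. Track it here: http://tracking.example/p/?a1b2c3",
    "New voicemail received. Install the application to listen: "
    "https://vm.example/get/voice.apk",
    "Lunch at 12? Menu: https://cafe.example/menu",
    "Your delivery is scheduled for Friday.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage_sms(msg), "<-", msg)
```

A keyword heuristic like this only narrows down which messages deserve a warning; it does not replace confirming the message with the parcel company, as recommended further down.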

malware messages

[Some texts doing the rounds among Finnish Android phone users]

Parcel message by DHL

[Prompting to follow the links for parcel details]

The damage done by this malware is considerable, and it continues to haunt almost all of the European countries, including Belgium, Switzerland, the Netherlands, Austria, the United Kingdom, Australia and, most of all, Italy, Spain and Germany. Some reports have also hinted at the possibility of it entering the US.

FluBot uses SMS and MMS messages to spread, and some victims have reported similarities in the language and styling of the messages. Matias Mesiä, the information security adviser at NCSC-FI, also shed light on the malware, saying:

"The most recent FluBot malware campaign is very similar to the previous ones. Fraudsters have sent thousands of scam messages. The malware has been updated, and in the present campaign scam messages are also being sent via MMS."

Parcel delivery message

[Asking to Install application for parcel details]

Recommendations for Protection.

The first recommendation for avoiding this malware is not to open links sent via text and multimedia messages; that alone can save you loads of trouble and regret. Opening a link may not harm you directly, but you must be smart enough to recognize a smishing attempt by the hackers. If you are asked to follow a link to get your parcel, confirm it with the parcel company first. Before that, ask yourself whether you are expecting a parcel at all. If you have installed an application after falling prey to the smishing technique, a factory reset is the first thing you should do. Here are the steps you must perform to make your device secure again and keep data and financial loss to a minimum:

  1. Factory reset your phone. The backup you choose must be from a date before the malware was installed.
  2. Ask your bank to disable all your financial transactions, since your information has been compromised.
  3. Go to the police in case of any financial loss.
  4. Reset all your passwords, as the malware might have automatically changed them once it took over the device.
  5. Check all your subscriptions, and see whether any new subscription has been made or even applied for, since iPhone users are attacked only on subscriptions and online transactions that have automated detail-fetching mechanisms.

voicemail message

[Luring in via sending fake voicemail details]

Wrap up

Even after all these steps, some victims have been unable to recover the losses caused by being attacked and robbed. Hackers are on the job 24/7, which means we will keep facing new techniques designed to lure us into giving up our sensitive data, causing monetary and personal losses. We must be very careful about external threats, not just from FluBot but from other malware too. We now have a lot of online contact points, which gives hackers new ways to innovate in how they attack us. Being careful and vigilant is our own responsibility. Cybersecurity systems are strong now, which means a little extra care can go a long way.