{Warning}: Flubot Android Malware

[Baofeng]

https://twitter.com/CERTNZ/status/1443701946485927944

It was reported Flubot has now a new mode of attack, thru fake updates. As the message says above, you will get a similar message saying that your android devices is infected and thus need to install an update and will tell you to enable installation of of unknown apps (red flag already). They it will redirect you to the installation page. And once you installed it, Flubot will take over your phone, getting access to your banking info and payment and crypto currency apps.

Countries being affected are: Spain and then expanded to hit Germany, Poland, Hungary, UK, Switzerland and Australia and Japan.

So be careful if you received such SMS or text messages, countries that are targeted are mostly in Europe but it doesn't mean that we are safe if we are live somewhere. Reports says that the next target will most likely be US.

https://malpedia.caad.fkie.fraunhofer.de/details/apk.flubot
https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon
https://raw.githubusercontent.com/prodaft/malware-ioc/master/FluBot/FluBot.pdf

[Maus0728]

It would be more beneficial if Android manufacturers will increase the friction when asking the user to "install applications outside google play store".

This friction will at least make non-techy person to just run away from installing unknowns applications so as reducing the cases of getting hacked.

[DdmrDdmr]

Not sure if we’ve commented this elsewhere, but Flubot, although largely targeting banking apps, also targets some that are crypto related, such as Binance Coinbase and Blockchain wallet. These can of course evolve over time to a wider set of targeted apps, so a given app not being on a list of targets is no guarantee that it won’t crop-up at a later date (or through any other malware vector of attact for that matter).

See: https://www.threatmark.com/flubot-banking-malware/

[aoluain]

This is the first I have heard of it.

Its important for people to make sure the first line of defense for android is to
make sure "Download Unknown Apps" is turned off. Android phones come as
standard with it switched OFF.

The android device wont be able to download this until the user grants permission and
switches the "unknown apps" or "download from unknown sources" on.

I'm sure plenty of people have been scammed and will be by this.

[boyptc]

First time to hear about flubot but too bad that many concerned people will really have to follow that instruction if they know that they did something wrong like their browsing attitude.

It's like freely installation upon clicking that security update.

[libert19]

This is pretty much same as those pop-ups you come across on porn websites, this pop-up is just bit specific.

[Oshosondy]

As the message says above, you will get a similar message saying that your android devices is infected and thus need to install an update and will tell you to enable installation of of unknown apps (red flag already). They it will redirect you to the installation page. And once you installed it, Flubot will take over your phone, getting access to your banking info and payment and crypto currency apps.

Countries being affected are: Spain and then expanded to hit Germany, Poland, Hungary, UK, Switzerland and Australia and Japan.

I have visited some sites that popped up such a message that my phone is at high level of risk that I must download an app to free my phone from the virus it is infected with. It was very annoying and I had to leave the site immediately when I know nothing happened to my phone because I am very conscious of the sites I visit and the files I am downloading, even my phone antivirus couldn't detect any malware when I have the updated version. I definitely knew it was fake but I do not know if it could be malware or not or means of advertising apps but it is just a simple ways many people are installing malware on their devices. We should know the site we are visiting, we should be very careful about ads popping up on our device, it is getting too much. We should be careful of any update, even if I want to update any app, I do it not by clicking on any message, I do it through long pressing the app itself that will take me to app store or I visit the right site directly.

This is pretty much same as those pop-ups you come across on pxxx websites, this pop-up is just bit specific.

It could be on any site or untrusted site not only on a specific site.

[nakamura12]

I have visited some sites that popped up such a message that my phone is at high level of risk that I must download an app to free my phone from the virus it is infected with. It was very annoying and I had to leave the site immediately when I know nothing happened to my phone because I am very conscious of the sites I visit and the files I am downloading, even my phone antivirus couldn't detect any malware when I have the updated version. I definitely knew it was fake but I do not know if it could be malware or not or means of advertising apps but it is just a simple ways many people are installing malware on their devices. We should know the site we are visiting, we should be very careful about ads popping up on our device, it is getting too much. We should be careful of any update, even if I want to update any app, I do it not by clicking on any message, I do it through long pressing the app itself that will take me to app store or I visit the right site directly.

I also did the same thing when I came across sites like that. I always close the site right away and think that I shouldn't follow the instructions. Kind of annoying closing such sites that can only infect the device and not a help at all. Well, it's not just android devices that this message will show but also in computers.

[Jating]

This is pretty much same as those pop-ups you come across on porn websites, this pop-up is just bit specific.

Of this is specific, so the thing is you don't trust blindly trust anything to be installed on your smart phone.

But as you can see, there are a lot that fall on this trap, as the first variant of this malware targeting Spain has managed to steal 11m phones already. That is huge, and the criminals has some kind of control servers wherein they can watch everything without you knowing, which is a bit scary.

[The Cryptovator]

I am not familiar with this platform, just curious where is this warning popping up? In browser or apps? Often I update my apps directly from the Google Play store since I am an android user. I don't update apps from the apps or website pop-ups. I do the same even for my Electrum wallet, directly installs and update from the official website. Because I know anytime the site or apps would be affected by hackers and they would push to install malware to my device.

Anyway, thanks OP for sharing it with us. It would help at least forum users to prevent this malware.

[Saisher]

I've seen a lot of these pop-ups whenever I installed a gaming application, I know it's a bundle and it's mean to deceive you into installing has virus application, the rule of the thumb has always been to only install an application that has positive and fair reviews do not install an unfamiliar application, awareness is always the key.

[ScamViruS]

First time to hear about flubot but too bad that many concerned people will really have to follow that instruction if they know that they did something wrong like their browsing attitude.

It's like freely installation upon clicking that security update.

That's why it's important to know the app properly before installing anything on your smartphone. Because you will find a lot of apps online that look interesting and trustworthy, but those apps can steal your important information from your phone.

I see a lot of crypto users who are victims of such scams, they get tired when they actually do a little research. And that's why they can't be careful before installing such an app.