A malware campaign targeting Android devices is spreading rapidly across Europe, and there are fears that it could reach other countries. The FluBot Android malware begins as a simple text message containing a link to track a package delivery. Once clicked, the phishing link asks the user to install an application to track the delivery. That app carries the malware, which then steals information from the Android phone.
The malware has affected users in the UK, Spain, Germany, and Poland, and there are concerns that the campaign may spread to the US and other countries. The UK's National Cyber Security Centre (NCSC) has issued a security advisory on identifying and removing the FluBot malware, and mobile carriers such as Vodafone UK have warned their customers about the attacks.
The NCSC advises that users whose device becomes infected should perform a factory reset as soon as possible and, if they restore from a backup, use only one taken before the malicious app was installed, so the backup does not reintroduce the malware. According to the advisory, only a complete device reset will clear the malware from the user's device.
While text message scams using the package-delivery lure are not new, what sets this campaign apart is that it attempts to install malicious software directly via an Android APK (Android Package) file rather than through an app store. Android blocks this kind of sideloading by default (apps from outside Google Play cannot be installed until the user enables the "install unknown apps" permission for the browser or messaging app), but the scam page includes detailed, step-by-step instructions for turning that protection off.
Along with stealing the user's passwords and other private information, the malware copies the victim's contacts list, forwards it to its command-and-control (C2) servers, and uses the victim's phone to send further lure messages, which is how the campaign keeps spreading.
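The lure described above (a delivery-tracking text with a link that leads to an APK sideload) is easy to triage automatically. The following is an added example, not code from the original article or from any vendor or researcher it mentions: a small heuristic scorer that flags SMS bodies combining delivery wording with a link to a host outside an allowlist, a bare IP host, or a direct `.apk` URL. The phrase list, the weights, the trusted-host allowlist and the sample messages are all assumptions constructed for this example; the domains are RFC 2606 placeholders, not real FluBot infrastructure.

```python
import re
from urllib.parse import urlparse

# Delivery/parcel phrases typical of FluBot-style lures. Assumed list for
# this example; extend it with lures observed in your own environment.
LURE_PHRASES = (
    "track your package", "your parcel", "delivery", "missed delivery",
    "reschedule", "track delivery", "package", "shipment",
)

# Hosts a carrier or retailer legitimately sends tracking links from.
# Placeholder allowlist for this example only (RFC 2606 names).
TRUSTED_HOSTS = {"tracking.example.com", "example.net"}

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
BARE_IP_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def extract_urls(text):
    """Return the URLs in an SMS body, with trailing punctuation stripped."""
    return [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]


def score_sms(text):
    """Score one SMS body and return (score, reasons).

    Signals and weights are assumptions for this example:
      +1  delivery/parcel lure wording
      +2  link to a host outside TRUSTED_HOSTS
      +3  link whose path ends in .apk (direct sideload attempt)
      +1  link whose host is a bare IP address
    """
    score = 0
    reasons = []
    lowered = text.lower()
    if any(phrase in lowered for phrase in LURE_PHRASES):
        score += 1
        reasons.append("delivery lure wording")
    for url in extract_urls(text):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        path = parsed.path.lower()
        if host and host not in TRUSTED_HOSTS:
            score += 2
            reasons.append(f"untrusted host {host}")
        if path.endswith(".apk"):
            score += 3
            reasons.append("direct .apk link")
        if BARE_IP_RE.fullmatch(host):
            score += 1
            reasons.append("bare IP host")
    return score, reasons


def triage(messages, threshold=3):
    """Return (sender, score, reasons) for messages scoring >= threshold."""
    flagged = []
    for sender, body in messages:
        score, reasons = score_sms(body)
        if score >= threshold:
            flagged.append((sender, score, reasons))
    return flagged


# Constructed sample messages for this example (not real lures; the
# sender numbers are from the UK fictional range and the hosts are
# RFC 2606 / TEST-NET placeholders).
SAMPLE_SMS = [
    ("+447700900001",
     "Your parcel could not be delivered. Track it here: "
     "http://delivery-update.example.org/track/8f2a"),
    ("+447700900002",
     "Install the tracking app to reschedule: http://203.0.113.10/tracker.apk"),
    ("TRACKING",
     "Your order has shipped. Track delivery: https://tracking.example.com/t/123456"),
    ("+447700900003", "Hey, are we still on for dinner tonight?"),
]

if __name__ == "__main__":
    for sender, score, reasons in triage(SAMPLE_SMS):
        print(f"{sender}: score={score} reasons={reasons}")
```

The legitimate tracking message scores only 1 (lure wording, trusted host) and is not flagged, while the two lures score 3 and 7. A scorer like this is a first-pass filter for a carrier or MDM pipeline, not a replacement for blocking the sideload itself; the decisive signal in the FluBot chain is the `.apk` link combined with instructions to enable unknown-source installs.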
Cybersecurity researcher Paul Morrison provides a detailed breakdown of the attack on his blog and writes that "With the number of SMS being sent out, just a 0.1% success rate could be very profitable. FluBot isn't a one-time thing; now it's in the UK, it's going to be here to stay for some time."
Morrison echoes the NCSC guidance that resetting an infected device to factory settings is required to eliminate the malware completely.