FluBot is back affecting a greater geographical area

Aug 26, 2021 11:28 GMT  ·  By

FluBot Android malware is back and has already launched several attacks outside its usual geographical region of impact, according to Cyware.

Recent research into the FluBot banking malware has revealed an upsurge in the number of malicious distribution pages targeting customers of a variety of Australian, Polish, and German financial institutions.

The threat actors incorporated numerous new elements into the latest operations, which now harvest user credentials by overlaying several popular banking applications. The malicious web pages are built to be spread through text messages that pose as voicemail notifications or shipment tracking updates but are actually scams.

It is worth noting that the cybercriminals were able to accomplish all of this while remaining undetected during the infection process thanks to a Domain Generation Algorithm (DGA): because the malware computes a rotating list of candidate command-and-control domains instead of relying on a single hardcoded one, blocking any individual domain does not cut it off from its operators.

Malware authors employ ingenious tactics to steal victims' money

The creators of FluBot used all their power and creativity to deceive their targets in the revamped version. The malicious overlay apps give users the impression that they are using legitimate apps that perform simple functions such as tracking packages or checking voicemail, but they are actually designed to download the FluBot APK.

The malicious pages that pose as legitimate services are, in fact, controlled by C2 servers administered by the attackers. Once contacted by infected phones, the servers push the overlay banking apps and install them.

The attackers developed convincing overlay apps for the following banks: Plusbank24, Getin Bank, BNP Paribas, and Bank Millennium, just to name a few. Unfortunately, the fake apps do such a great job of imitating the originals that more than 20 million have already been downloaded.

Android users are advised to be wary of unexpected SMS messages to decrease the chance of falling victim to FluBot. At the same time, they should avoid installing applications from sources other than Google Play, the App Store, or another genuine application repository.