Security 1. July 2021

Flubot – Malware via SMS

Do you own an Android phone and have received an SMS message with a link to a voice message? Then you should delete this message unread, because behind it there is most likely a new malware called “Flubot”, which has recently become active in Switzerland.

If you click on the link contained in the SMS message, you will be redirected to a fraudulent website where you are supposed to download the alleged voicemail.

If you do so, you install the malware on your phone, allowing it to grab sensitive data from your device. This attack method is called “smishing”, a portmanteau of “SMS” and “phishing”.

In Germany and other countries, “Flubot” disguises itself as an SMS parcel message from a transport company such as DHL or FedEx. The link in the message then leads to a fraudulent website from which an alleged app from the transport company is to be downloaded.

National organizations warn

Various Swiss IT organizations are currently warning about the malware, including Switch and the National Cyber Security Center (NCSC) in Bern:

“At the moment, the NCSC is receiving numerous messages about SMSs that alert the recipient to a supposed voice message. Anyone who clicks on the link in the SMS is taken to a fake website where the victim is asked to download the message. In fact, however, it is malicious software. Do not download this file under any circumstances, do not click on the link in the SMS and delete the message.”

The Zurich Cantonal Police (Kapo Zurich) also describes the malware on its own cybercrime website cybercrimepolice.ch: according to Kapo Zurich, the malware sends SMS messages to premium-rate numbers, among other things. In addition, “Flubot” tries to capture credit card data as well as data entered in cryptocurrency apps or the email service Gmail. The Kapo also provides tips on what to do if you have accidentally installed the malware on your cell phone (see info below).

In order to spread, the malware also uses the contact list of the infected phone to send countless SMS messages to other devices.

Where does “Flubot” come from?

“Flubot” first appeared in Spain, Hungary and Poland in December 2020. Since then, the malware, which is also known as “Cabassous” and “Fakechat”, has spread worldwide.

“Flubot” can basically only infect Android phones. iPhones can also receive such a text message, but they are not in direct danger because apps can only be installed via the official Apple App Store, where apps are checked by Apple.

What can I do if I receive such an SMS?

• Do not click on the link
• Delete the SMS message
• Ideally, make people in your social environment aware of the issue and show them the SMS message before deleting it

What should I do if I click on the link?

• Reset your cell phone to factory settings; this will delete all data on the cell phone
• Inform your mobile phone provider
• Block your credit card(s)
• Change the credentials of any cryptocurrency apps from another device
• Do the same if you use Gmail

How can I protect myself from “Flubot”?

• Keep the Android version on your phone up to date
• Protect your phone with anti-malware software (e.g. Sophos Mobile Security for Android)
• Download apps only from the official Google Play Store
• In the security settings of your phone, disable the installation of apps from “unknown sources”

 

Sources:

https://securityblog.switch.ch/2021/06/19/android-flubot-enters-switzerland/#comments
https://www.ncsc.admin.ch/ncsc/en/home/aktuell/aktuelle-vorfaelle.html
https://www.cybercrimepolice.ch/de/fall/das-sms-neue-voicemail-ist-die-gefaehrliche-schadsoftware-flubot/
https://medium.com/csis-techblog/the-brief-glory-of-cabassous-flubot-a-private-android-banking-botnet-bc2ed7917027
https://www.t-online.de/digital/internet/id_90136940/vorsicht-falsche-dhl-app-android-trojaner-flubot-breitet-sich-aus.html
https://support.google.com/android/answer/6088915?hl=en
https://en.wiktionary.org/wiki/smishing
https://www.droidwiki.org/wiki/Sideloading
https://en.wikipedia.org/wiki/Phishing

Open Circle AG
Freilagerstrasse 32
CH-8047 Zürich

©2024 Open Circle AG, all rights reserved.