In this post we want to share all we know about this threat and a timeline of the most relevant and interesting (new) features and changes that Flubot’s TAs have introduced. That was interesting period of time to look back at the early days of Flubot, how it evolved and became so notorious. The Dutch Police played a key part in this operation and successfully disrupted the infrastructure in May 2022, rendering this strain of malware inactive. On June 1, 2022, Europol announced the takedown of Flubot in a joint operation including 11 countries. These campaigns were very successful, since nowadays most people are used to buy different kinds of products online and receive that type of messages to track the shipping of the product.įlubot is not only a very active family: TAs have been very actively introducing new features, support for campaigns in new countries and improving the features it already had. Those SMS messages were fake notifications which lured the user into a fake website in order to download a mobile application to track the shipping.
In the initial campaigns, TAs used fake Fedex, DHL and Correos – a local Spanish parcel shipping company – SMS messages. Threat Actors (TA) have been using the infected devices to send text messages to other phone numbers, stolen from other infected devices and stored in Command-and-Control servers (C2). Most of its popularity comes from its distribution method: smishing.
Never heard of it? Let us give you a quick summary.įlubot banking malware families are in the wild since at least the period between late 2020 and the first quarter of 2022. An “inspiration” for developers of other Android banking malware families. One of the most popular active Android banking malware families today. Its disappearance, including new features and distribution campaigns. In this article we detail its development over time and recent developments regarding Text messages, luring new victims into installing the malware from a fake website.
Strategy used in its campaigns, since it has been using the infected devices to send An important part of the popularity of Flubot is due to the distribution Is open to show a fake web injection, a phishing website similar to the login form of the bankingĪpplication. In order to steal the victim’s credentials, by detecting when the official banking application Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services Authored by Alberto Segura (main author) and Rolf Govers (co-author) Summaryįlubot is an Android based malware that has been distributed in the past 1.5 years inĮurope, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims.
0 kommentar(er)
