An international law enforcement operation involving 11 countries has culminated in the takedown of a notorious mobile malware threat called FluBot.
this Android malware has been spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world. Its infrastructure was successfully disrupted earlier in May, rendering this strain of malware inactive.
What Is Flubot Malware?
FluBot is a new form of malware that is spreading on Android phones in several countries. It’s harmful in many ways:
- It spreads via fake text messages that require users to download an app
- This app disguises itself as a service or a system app
- If users download and install the app, it asks for several kinds of permissions.
- If granted, these permissions allow the app to gain control over the device and cause significant harm.
It can even trick users into giving up their financial details.
Here is how FluBot worked ?
First spotted in December 2020, FluBot has gained traction in 2021 and compromised a huge number of devices worldwide, including significant incidents in Spain and Finland.
The malware was installed via text messages which asked Android users to click a link and install an application to track to a package delivery or listen to a fake voice mail message. Once installed, the malicious application, which actually was FluBot, would ask for accessibility permissions. The hackers would then use this access to steal banking app credentials or cryptocurrency account details and disable built-in security mechanisms.
This strain of malware was able to spread like wildfire due to its ability to access an infected smartphone’s contacts. Messages containing links to the FluBot malware were then sent to these numbers, helping spread the malware ever further.
This FluBot infrastructure is now under the control of law enforcement, putting a stop to the destructive spiral.
The following authorities took part in the investigation:
- Australia: Australian Federal Police
- Belgium: Federal Police (Federale Politie / Police Fédérale)
- Finland: National Bureau of Investigation (Poliisi)
- Hungary : National Bureau of Investigation (Nemzeti Nyomozó Iroda)
- Ireland: An Garda Síochána
- Romania: Romanian Police (Poliția Română)
- Sweden: Swedish Police Authority (Polisen)
- Switzerland: Federal Office of Police (fedpol)
- Spain: National Police (Policia Nacional)
- Netherlands: National Police (Politie)
- United States: United States Secret Service
What To Do If Infected ?
Once you’ve figured that FluBot has infected your device, the next step is to remove it and prevent further damage. Removing FluBot can be pretty complicated as it actively avoids deletion by disguising itself as a system app or service.
When you try to delete the infected app, a message saying “You cannot perform this action on a system service” is displayed. Thankfully, you can implement any of the options listed below to override the error and remove FluBot:
- Try removing the infected app using Android Safe Mode. You can boot into Safe Mode by long-pressing the Power button and clicking on “Reboot in Safe Mode” (though this varies between devices).
- An XDA user has developed an open-source app named “malinstall” which deleted FluBot. You can download it from this GitHub repository.
- If neither of the above options works, factory reset your Android device. It’s better to not restore from your backups as they could potentially contain the infected app.
Note: Once FluBot has been removed from your system, do inform your local cyber enforcement authority that your device was infected. This will help them monitor the malware and keep other users safe.
How to Prevent FluBot Infections on Your Devices ?
Since FluBot is difficult to detect and remove, it’s best to avoid infection in the first place