cancel
Showing results for 
Show  only  | would you rather see results for 
Did you mean: 
Need help?

All you need to know about FluBot Android malware

Beat the Scammers
Security
simonb
Community Team - TT Staff

FluBot is a new Android malware that steals your passwords, personal details, banking and login information to your online accounts. The information is used to make payments (in other words steal your money), take over your accounts and steal your online identity. FluBot also sends SMS messages to new victims and spreads itself further. All of this is done without the users’ knowledge.  

So far FluBot has been detected mostly in European countries and it’s likely to spread to the rest of the world if the threat actors behind it aren’t stopped.  

Here’s how FluBot works 

An infected device sends an SMS message that contains a phishing link. The message claims it has been sent by some well-known delivery service, like DHL, UPS, FedEx, or Amazon. 

The message explains that there’s a package in delivery and prompts the receiver to install a tracking app to track the package and delivery time. Following the provided link, the victim downloads the malware that is masked using the delivery company’s name and logo.  

 

Flubot_Picture1.png

 

Once downloaded, the “tracking app” that’s actually FluBot, asks for accessibility permissions. If granted, the malware grants itself more extensive app permissions and becomes a system app. Then it can start its work. 

How to remove it 

If FluBot has already infected your Android device, and it has been granted accessibility rights, then one way to remove it is to can carry out a factory reset on your phone. This is considered the safest option since it deletes all data. Remember before performing a factory reset to back up your data to your Google Account or similar cloud storage provider. Here’s how you do a factory reset >> 

 

Does TalkTalk’s SuperSafe Online Defence internet security powered by F-Secure protect from FluBot? 

The Online Defence Browser (also known as the SAFE Browser) detects the phishing website and warns the user not to enter the site.  


Flubot_Picture2.png

 

If FluBot is installed, Online Defence detects it and asks the user to uninstall the malicious app.  

  Flubot_Picture3.png

 

Flubot_Picture4.png

While Online Defence cannot prevent the user from installing the app, it warns very clearly that it is not a good idea to do so. Flubot_Picture5.png

 

How to stay safe from FluBot and other mobile malware  

There should be no illusion about this: mobile phones are not immune to online threats. Malware, phishing, unsafe networks, and other threats for mobile phone users also exist. FluBot is just one of the newest threats out there. Here’s a few things you can do to protect your mobile and digital life on the go:

1. Use antivirus for mobile devices

Malware targeting mobile devices is getting more common. While official app stores are not likely to spread malware, you can get infections from other sources. TalkTalk’s SuperSafe Online Defence is certified for Android and it helps you keep your phone free of malware. It secures your online shopping and banking sessions as well. 

2. Don’t open suspicious links

Check the email address of the sender. Due to the smaller screen space, most mobile email apps show only the name of the sender, not their address. Mobile devices are also used on the go, which makes it easier to fall for phishing scams. Don’t open suspicious links. Remember, no reputable company or authority will ask for personal information through email or SMS.  

3. Avoid shady apps

While there’s no unambiguous way to tell a suspicious app from a genuine app, start by thinking about what you use it for. If it’s not necessary, there’s no point in getting it. If it doesn’t work for you, delete it immediately. In the case of tracking packages, you can typically do that on the carrier’s website and you don’t need a separate app for that. Do not download apps from unofficial app stores and remember that it’s not a good idea to enable the “Install from Unknown Sources” option. 

4. Don’t give apps unnecessary permissions

Like in FluBot’s case, granting app permissions can enable malware and other suspicious apps to do malicious tasks. It can also lead to data leakage. Always consider what permissions you grant to apps. Why do they need them? 

As an iPhone user, do I have to care about FluBot?  

The malware itself isn’t a threat to iPhone users, but the phishing website can still be dangerous. Don’t open any suspicious links and be careful about what personal information you give to online services. The 4 tips provided earlier are useful for iPhone users as well.  

Try TalkTalk’s SuperSafe Online Defence internet security 

To get protected against FluBot and other mobile malware, get SuperSafe Online Defence  installed onto your mobiles. TalkTalk customers just need to log in to My Account and select SuperSafe for just £4 per month. Online Defence internet security protects up to 10 of the family’s devices from internet nasties and comes with a helpful Password Manager too. Once you’ve selected SuperSafe, you will receive an email from F-Secure to install the app onto your devices.

About simonb

I Like to travel around the Mediterranean, I have 2 grandchildren who are so entertaining. I also like cooking and socialising.

Check out more blogs from simonb