“Known as FluBot, this Android malware has been spreading aggressively through SMS, stealing passwords, online banking details, and other sensitive information from infected smartphones across the world. Its infrastructure was successfully disrupted earlier in May by the Dutch Police (Politie), rendering this strain of malware inactive.” – Europol.
The FluBot operation, one of the largest and fastest-growing Android malware operations in existence, has been shut down by Europol. Following a complex technical investigation to identify FluBot’s most critical infrastructure, a law enforcement effort comprising eleven nations took down the malware operation. Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands, and the United States took part in the operation.
As the Dutch Police announced today, they have disconnected ten thousand victims from the FluBot network and prevented over 6.5 million spam SMS from reaching prospective victims. In March 2021, the police in Spain arrested four suspects who were then considered key members of the FluBot operation, as the malware had primarily infected users in the region. The hiatus in its distribution was momentary, though, as the malware rebounded to unprecedented levels targeting multiple other countries beyond Spain.
FluBot can also access SMS content and monitor notifications, so two-factor authentication and OTP codes can be snatched on the fly. Its rapid proliferation comes from abusing the contact list of infected devices to send SMS to all contacts, so each message arrives from a person the recipient trusts. The person whose device is abused for spamming doesn’t notice anything odd, as everything happens in the background. This way, by achieving only a handful of infections, FluBot quickly increased the number of victims in certain places around the globe and spread like wildfire there.
This time, however, Europol underlines that the FluBot infrastructure is under the control of law enforcement, so the operation cannot be reignited. At this time, no announcements about any arrests have been made, so we assume that the action was focused on disrupting the malware’s infrastructure at this stage. FluBot is an Android malware that steals banking and cryptocurrency account credentials by overlaying phishing pages on top of the interface of the legitimate apps when the victims open them.
Bill Toulas is a technology writer and infosec news reporter with over a decade of experience working on various online publications. An open source advocate and Linux enthusiast, he is currently finding pleasure in following hacks, malware campaigns, and data breach incidents, as well as in exploring the intricate ways through which tech is swiftly transforming our lives.