“To date, we have disconnected ten thousand victims from the FluBot network and prevented over 6.5 million spam text messages,” Dutch police said in a statement. The EU’s police agency Europol said FluBot was among “the fastest-spreading mobile malware to date” and was “able to spread like wildfire due to its ability to access an infected smartphone’s contacts.” Police had made the malware “inactive” but are still hunting the culprits, it said. “This FluBot infrastructure is now under the control of law enforcement, putting a stop to the destructive spiral,” Europol said.
FluBot, a mobile phone fraud that spread around the world via phoney text messages, was shut down by authorities in 11 countries on Wednesday, according to Dutch and EU police. In May, Dutch cybercops spearheaded an operation to combat the spyware, which infects Android phones via messages claiming to be from a delivery company or claiming that a person has a voicemail waiting. Hackers would then take bank account information from infected phones, which would subsequently send messages to other phones in the user’s contact list, thereby spreading the fraud like a flu virus.
The countries involved in carrying out the investigation were Australia, the United States, Belgium, Finland, Hungary, Ireland, Romania, Spain, Sweden, Switzerland, and the Netherlands, coordinated by Europol’s cybercrime centre. FluBot became one of the world’s most notorious cyberscams after it first emerged in December 2020, “wreaking havoc” around the world, Europol said. The agency said the bug had compromised a “huge number of devices worldwide”, especially in Europe and the United States, with “major incidents” in Spain and Finland.
But FluBot’s method was simple, according to Europol and the Dutch police. It would arrive “mainly via a fake SMS on behalf of a well-known parcel delivery service” or saying the user had a voicemail to listen to. They would then be asked to click on a link to download an app from the parcel service to track a package, or to listen to the voicemail. But in fact FluBot would install the malware on their phones. The fake app would then ask permission to access various other applications. Hackers could then see their victims entering passwords for banking, credit card or cryptocurrency apps and steal from them, Europol said.
Australian media said last year that FluBot was spreading “like a tsunami” with some users being bombarded by texts. Details of how police took down the scam remain sketchy, with officials saying they do not want criminals to know how they busted it. Dutch police said a cybercrime team in the eastern Netherlands had taken down FluBot by “intervening and disrupting the criminal process”, without giving more details. Europol said the takedown did not involve removing any physical infrastructure such as servers but also refused to say more. “The Dutch police found another way to disrupt the criminal activity,” a Europol spokeswoman told AFP.
What made it “very dangerous” was its ability to access a phone’s contact list and then send fake texts to other phones. “Victims often do not know that they have installed the malware. The further spread of the malware also happens without the user of a mobile phone noticing,” Dutch police said. The scam only targeted phones with Google’s Android operating system. Apple’s iOS system was not affected.