Flubot Android banking Trojan spreads via fake security updates

The Flubot Android malware is now leveraging fake security updates warning to trick users into installing the malicious code.

Threat actors behind the Flubot Android malware are now leveraging fake security updates to trick victims into installing the malicious code. The attackers use fake security warnings of Flubot infections and urging them to install the security updates.

Researchers at New Zealand’s computer emergency response team (CERT NZ) spotted the fake security warnings used to deceive the Android users:

“Your device is infected with the FluBot® malware. Android has detected that your device has been infected,” states the fake security warning observed by the researchers. “FluBot is an Android spyware that aims to steal financial login and password data from your device. You must install an Android security update to remove FluBot.”

The messages also instruct the victims to enable the installation of unknown apps to allow the installation of fake security updates.

Flubot has been active since late 2020, it was first observed targeting Spanish users. Since March 2021, the malicious code was also employed in attacks aimed at several European countries as well as Japan.

In March, experts from Swiss security outfit PRODAFT estimated that the number of infected devices worldwide was approximately 60,000.

In March, experts from Swiss security outfit PRODAFT estimated that the number of infected devices worldwide was approximately 60,000.

”The PTI team has deanonymized the C&C server and discovered that FluBot has already infected more than 60,000 victims and stolen over 11 million phone numbers.” states the report.

The Android malware has been used to steal banking credentials, payment information, and sensitive data from infected devices.

In past attacks, the malware was spreading by spamming text messages to contacts from infected phones that instruct them to install tainted apps from servers under the control of the attackers.

The malicious code also requests permissions to access the Android Accessibility service, implemented to assist users with disabilities in using Android devices and apps, but that was abused by threat actors to carry out malicious activities.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Android)

The post Flubot Android banking Trojan spreads via fake security updates appeared first on Security Affairs.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source