September 27, 2022

An international law enforcement operation involving 11 countries has culminated in the takedown of a notorious mobile malware threat called FluBot.

“This Android malware has been spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world,” Europol said in a statement.

The “complex investigation” included authorities from Australia, Belgium, Finland, Hungary, Ireland, Romania, Spain, Sweden, Switzerland, the Netherlands, and the U.S.

FluBot, also called Cabassous, emerged in the wild in December 2020, masking its insidious intent behind the veneer of seemingly innocuous package tracking applications such as FedEx, DHL, and Correos.

It primarily spreads via smishing (aka SMS-based phishing) messages that trick unsuspecting recipients into clicking on a link to download the malware-laced apps.

Once launched, the app would proceed to request access to Android’s Accessibility Service to stealthily siphon bank account credentials and other sensitive information stored in cryptocurrency apps.

To make matters worse, the malware leveraged its access to contacts stored in the infected device to propagate the infection further by sending messages containing links to the FluBot malware.

“This FluBot infrastructure is now under the control of law enforcement, putting a stop to the destructive spiral,” the agency noted, adding that the Dutch Police orchestrated the seizure last month.

According to ThreatFabric’s mobile threat landscape report for H1 2022, FluBot was the second most active banking trojan behind Hydra, accounting for 20.9% of the samples observed between January and May.