Posted on October 3, 2021 at 5:11 PM
FluBot Malware Disguises as Security Patch to Affect Android Devices
Android users are advised to take extra caution when using their devices because of a recent malware detected. The malware comes in the form of a genuine notification at first, but users who adhere to the instructions provided therein end up incurring losses.
The notifications sent to Android users are urging them to install a security update. However, unknown to the users, these security updates are not authentic, as those who choose to install them end up installing malware into their android device. TechRadar issued a report on this malware.
FluBot Malware Detected
The FluBot malware is the hacking tool in question that threat actors have issued to target android devices. This malware has been making rounds recently because of its mode operation and the great lengths the hackers have gone to trick users into installing it on their devices.
Cert NZ, a computer emergency response team, based in New Zealand, issues a warning to android users urging them to be cautious of clicking on the link that will lead them to the FluBot installation page. The warning states that the notification that urges users to install this malware creates a false sense of urgency. Those who later install the malware do so without knowing that it will cause them harm.
The warning that comes with this notification states that “Your device is infected with the FluBot malware. Android has detected that your device has been infected.” This message tricks users into installing the malware on their devices.
Since the malware was detected, it has compromised many devices of Android users in New Zealand, which has prompted cybersecurity companies to publish reports that notify users of this malware and how it operates.
Many android users have received this FluBot installation malware, which leaves them with malware that compromises their devices, and leads to sensitive data being accessed or compromised by these hackers.
The FluBot malware is sophisticated in regards to how it operates. The malware is a software hacking tool that has been designed to steal sensitive data. The data stolen by hackers using this malware ranges from login details such as passwords and other account credentials of financial apps and software installed in android devices.
Android users are being urged to maintain vigilance when using their devices because of the increased malware reports that target these devices. The FluBot malware is the recent one that has been used to target Android users.
The Google Play Store has been making headlines in recent weeks because of fraudulent applications luring users to install them. Those who download these applications unknowingly and grant them the necessary permissions end up dealing with compromised systems.
A report issued towards the end of last month revealed the use of a trojan tool used GriftHorse. This trojan infected around 200 applications. Furthermore, the software had advanced systems that enabled it to bypass the security clearance issued by Google Play Store.
FluBot Malware has Changed Tactics
Users have used this type of malware to target a wide range of different devices. However, it is specific to devices that use the Android operating system.
However, malware has been developed to start attracting smartphones through spam messages. It has also stolen contacts from some infected devices. Once the malware has been deployed on the device, it urges the user to grant it additional permissions that will give it access to various phone functionalities.
One of the critical functionalities that the android device can affect is the Accessibility service. This will give it access to the android device and thus end up compromising the device.
Once it gains access to the device’s functionality service, it can operate in the background and do all the compromised functionalities without the user noticing. By the time the user detects that the malware is installed on the device, it has already done extensive damage.
As mentioned, the FluBot malware compromises the user’s device by sending a notification to this device. Hence, the safest thing that a user can do is disregard any notifications that appear suspicious and those that have not been sent from Google’s official accounts.
Moreover, a user has also been advised not to download anything on their devices. To keep a device safe, one has also been advised to only download applications that have been listed on the Google Play Store.
The mode of operation of the FluBot malware is similar to what is used by the SOVA malware. The SOVA malware was used to infect a wider range of applications in the US and Spain. Among the affected applications were shopping, banking and crypto wallet applications.
