BEWARE: Android Virus FluBot in the Wild

MikeSW17

A recent virus FluBot is rampant. You receive a text message referring to a delivery, with a link to click. Presently it purports to be from DHL.

The link takes you to a page that claims to be DHL and you are prompted to download a delivery Tracking App. DON'T.

If you do (and the install works - Kaspersky caught it for me), apparently all your personal data (passwords, banking, etc.) is at risk.

The UK National Cyber Security Centre issued this: https://www.ncsc.gov.uk/guidance/flubot-guidance-for-text-message-scam
 

MikeSW17

In all fairness, every step of the process pretty much screamed SCAM.

Of course it does, but many people fall for it.

I did. I was actually expecting two packages (from eBay) although I was expecting them by mail rather than courier (DHL).
But in these times, who knows how packages are actually being transported?
With only a moment of surprise rather than suspicion, I clicked the link in the text and got to a perfectly 'normal' looking DHL page, with a button to download 'their' Tracking App.
Thank god my Kaspersky AV immediately detected the APK was dangerous and offered just 'Delete' or 'Quarantine' options.

Frightening is that an APP can (easily?) bypass Android controls and access data files of other Apps and other protections.
 

Sandman

Frightening is that an APP can (easily?) bypass Android controls and access data files of other Apps and other protections.
Considering the initially low technical level of the attack, I imagine the app didn't use an exploit, it just requested lots of permissions. Again screaming SCAM.
 

MikeSW17

According to the UK Cyber Security Center, the App does ACHIEVE its aims of stealing other Apps' Data, and maybe data entry screen presses too.
I understood that Android 'sandboxes' Apps so data cannot be shared.
Given that it gains permissions (System etc) not available to developers it's a serious flaw in Android I believe.
 

MikeSW17

Actually, I'm beginning to worry if the Hackers might not have also penetrated the Royal Mail system here in the UK.

I got exactly two of these texts, just when I was expecting two tracked packages from the Royal Mail.
As I get virtually zero 'spam' texts (my number has pretty limited circulation) it seems a bit of a coincidence.
 

Sandman

Given that it gains permissions (System etc) not available to developers it's a serious flaw in Android I believe.
Best guess, as I haven't researched, is that they requested permissions not possible to request in the app store. It's not possible for users to install apps from non-store origins, unless they enable that functionality, as you surely know.

Each and every step screams scam. I see no flaw in Android here.
 

KMatle

Facebook is the cause. 500 million accounts had been hacked (= the data had been ripped off) and have now been published in the www. The data contains phone numbers, too. So it is what it is.

To solve the issue:

1. Don't click on links you don't know.
2. Don't install an app from unknown sources.
3. Never believe any messages you get (text, mail, etc.).
 