Watch out – that Android security update may be malware

The creators of FluBot have released a new marketing campaign that takes advantage of phony Android security update warnings to trick likely victims into setting up the malware on their units.

In a new website write-up, New Zealand’s laptop or computer crisis response workforce Cert NZ has warned users that the message on the malware’s new installation webpage is in fact a entice developed to instill a perception of urgency that tips users into setting up FluBot on their have units.

The new FluBot installation webpage, that users are led to immediately after obtaining phony messages about pending or skipped bundle deliveries or even stolen photos uploaded on the internet, informs them that their units are contaminated with FluBot which is a variety of Android spy ware utilized to steal money login and password data from their units. Having said that, by setting up a new security update, they can take out FluBot from their Android smartphone.

The webpage also goes a phase further more by instructing users to empower the installation of apps from unfamiliar sources on their unit. By doing so, the cybercriminals’ phony security update can be put in on their unit and when a user may imagine they have taken action to safeguard against FluBot, they have in fact put in the malware on their smartphone by themselves.

Altering techniques

Until eventually recently, FluBot was distribute to Android smartphones by spam text messages working with contacts stolen from units that had been by now contaminated with the malware. These messages would instruct likely victims to set up apps on their units in the variety of APKs that had been sent by attacker-controlled servers.

The moment FluBot has been put in on a user’s unit, the malware often attempts to trick victims into supplying it supplemental permissions as properly as granting entry to the Android Accessibility service that enables it to operate in the qualifications and execute other destructive responsibilities.

FluBot is able of thieving a user’s payment and banking information and facts by working with overlay assaults exactly where an overlay is positioned on top rated of authentic banking, payment and cryptocurrency apps. As described before, the malware will also steal a user’s contacts to deliver them phishing messages to assistance distribute FluBot even further more.

While FluBot was mostly utilized to goal users in Spain at its onset, its operators have since expanded the marketing campaign to goal supplemental nations around the world in Europe which include Germany, Poland, Hungary, Uk and Switzerland as properly as Australia and Japan in modern months.

Through BleepingComputer