Europol today announced the takedown of FluBot, a piece of mobile malware targeting both Android and iOS devices that has been fast-spreading via SMS messages.
Also referred to as Fedex Banker and Cabassous, the spyware has been around since late 2020, mainly focused on users in Europe, but with attacks also registered in the United States, Australia, Japan, New Zealand, and elsewhere.
The threat spreads using a technique known as smishing, which involves SMS phishing messages that attempt to lure victims into clicking a link to download the malicious payload.
Initially, the spyware only targeted Android devices, but recent campaigns were seen targeting iOS devices as well. Security researchers have reported seeing tens of thousands of SMS messages being sent hourly as part of these widespread attacks.
The smishing messages masquerade as voicemails and messages from the mobile operator, but may also contain more traditional phishing lures, such as delivery notifications or claims that someone is sharing a photo album with the intended victim.
Once it has been installed on a device, the malware starts spamming text messages to the victim’s contacts, to infect their devices too.
Furthermore, FluBot would steal user passwords, online banking information, and other sensitive data from the infected devices.
Today, Europol announced that the Dutch Police was able to successfully disrupt the FluBot infrastructure in May, as part of an operation involving law enforcement authorities in 11 countries.
“This FluBot infrastructure is now under the control of law enforcement, putting a stop to the destructive spiral,” Europol says.
In an attempt to hide its malicious intent, FluBot disguises itself as a legitimate application, but it won’t let the user open the app or uninstall it, which could indicate an infection. Resetting the device to factory settings should eliminate the threat.
In March last year, members of the FluBot gang were arrested in Spain, but the malware continued to operate and expand.
Related: FluBot Android Malware Expected to Start Targeting U.S.
Related: SharkBot Android Malware Continues Popping Up on Google Play
Related: ‘Octo’ Android Trojan Allows Cybercrooks to Conduct On-Device Fraud

More from Ionut Arghire
- US, Israel Provide Guidance on Securing Remote Access Software
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- Blumira Raises $15 Million for SMB-Tailored XDR Platform
- KeePass Update Patches Vulnerability Exposing Master Password
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Apple Unveils Upcoming Privacy and Security Features
- Dozens of Malicious Extensions Found in Chrome Web Store
Latest News
- BBC, British Airways, Novia Scotia Among First Big-Name Victims in Global Supply-Chain Hack
- Sysdig Introduces CNAPP With Realtime CDR
- Stay Focused on What’s Important
- VMware Plugs Critical Flaws in Network Monitoring Product
- Hackers Issue ‘Ultimatum’ Over Payroll Data Breach
- US, Israel Provide Guidance on Securing Remote Access Software
- OWASP’s 2023 API Security Top 10 Refines View of API Risks
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
