Europol today announced the takedown of FluBot, a piece of mobile malware targeting both Android and iOS devices that has been fast-spreading via SMS messages.
Also referred to as Fedex Banker and Cabassous, the spyware has been around since late 2020, mainly focused on users in Europe, but with attacks also registered in the United States, Australia, Japan, New Zealand, and elsewhere.
The threat spreads using a technique known as smishing, which involves SMS phishing messages that attempt to lure victims into clicking a link to download the malicious payload.
Initially, the spyware only targeted Android devices, but recent campaigns were seen targeting iOS devices as well. Security researchers have reported seeing tens of thousands of SMS messages being sent hourly as part of these widespread attacks.
The smishing messages masquerade as voicemails and messages from the mobile operator, but may also contain more traditional phishing lures, such as delivery notifications or claims that someone is sharing a photo album with the intended victim.
Once it has been installed on a device, the malware starts spamming text messages to the victim’s contacts, to infect their devices too.
Furthermore, FluBot would steal user passwords, online banking information, and other sensitive data from the infected devices.
Today, Europol announced that the Dutch Police was able to successfully disrupt the FluBot infrastructure in May, as part of an operation involving law enforcement authorities in 11 countries.
“This FluBot infrastructure is now under the control of law enforcement, putting a stop to the destructive spiral,” Europol says.
In an attempt to hide its malicious intent, FluBot disguises itself as a legitimate application, but it won’t let the user open the app or uninstall it, which could indicate an infection. Resetting the device to factory settings should eliminate the threat.
In March last year, members of the FluBot gang were arrested in Spain, but the malware continued to operate and expand.
Related: FluBot Android Malware Expected to Start Targeting U.S.
Related: SharkBot Android Malware Continues Popping Up on Google Play
Related: ‘Octo’ Android Trojan Allows Cybercrooks to Conduct On-Device Fraud

More from Ionut Arghire
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- US, Israel Provide Guidance on Securing Remote Access Software
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
