Europol today announced the takedown of FluBot, a piece of mobile malware targeting both Android and iOS devices that has been fast-spreading via SMS messages.
Also referred to as Fedex Banker and Cabassous, the spyware has been around since late 2020, mainly focused on users in Europe, but with attacks also registered in the United States, Australia, Japan, New Zealand, and elsewhere.
The threat spreads using a technique known as smishing, which involves SMS phishing messages that attempt to lure victims into clicking a link to download the malicious payload.
Initially, the spyware only targeted Android devices, but recent campaigns were seen targeting iOS devices as well. Security researchers have reported seeing tens of thousands of SMS messages being sent hourly as part of these widespread attacks.
The smishing messages masquerade as voicemails and messages from the mobile operator, but may also contain more traditional phishing lures, such as delivery notifications or claims that someone is sharing a photo album with the intended victim.
Once it has been installed on a device, the malware starts spamming text messages to the victim’s contacts, to infect their devices too.
Furthermore, FluBot would steal user passwords, online banking information, and other sensitive data from the infected devices.
Today, Europol announced that the Dutch Police was able to successfully disrupt the FluBot infrastructure in May, as part of an operation involving law enforcement authorities in 11 countries.
“This FluBot infrastructure is now under the control of law enforcement, putting a stop to the destructive spiral,” Europol says.
In an attempt to hide its malicious intent, FluBot disguises itself as a legitimate application, but it won’t let the user open the app or uninstall it, which could indicate an infection. Resetting the device to factory settings should eliminate the threat.
In March last year, members of the FluBot gang were arrested in Spain, but the malware continued to operate and expand.
Related: FluBot Android Malware Expected to Start Targeting U.S.
Related: SharkBot Android Malware Continues Popping Up on Google Play
Related: ‘Octo’ Android Trojan Allows Cybercrooks to Conduct On-Device Fraud