Android malware FluBot is spreading across Europe hidden in a fake Flash Player

The FluBot malware infects Android devices while disguised as a fake Flash Player, F5 Labs has warned.

FluBot is a banking Trojan for Android that steals passwords by displaying fake login forms through legitimate apps from a number of banks around the world.

Cybercriminals send SMS messages (SMS phishing, or smishing) with links to fake security updates, a fake Adobe Flash Player, voicemail messages and fake package delivery notifications.

When it infects a device, FluBot can steal online banking credentials, send or intercept SMS messages (and one-time passwords), and take screenshots.

The malware is spreading with incredible speed, because each victim's device is used to send new messages to all of its owner's contacts.

MalwareHunterTeam has warned that FluBot is now spreading via text messages asking the recipient if they intend to upload video from their device. When victims click the link in the message, they are taken to a page that offers a fake Flash Player APK, which installs the FluBot malware on the Android device.

Android users should avoid installing apps from unknown sites. This is especially true for well-known brands, such as Adobe, whose applications should be installed only from trusted sites.

FluBot's developers are constantly working on the malware and adding new features. The latest release, version 5.0, came out in early December 2021, and a few days ago a new version 5.2 appeared.

In the new version, the malware's creators have worked on the DGA (domain generation algorithm) system, because it allows the cybercriminals to keep operating without interruption. A DGA generates many new C2 domains on the fly, making anti-malware measures such as DNS block lists ineffective. In its latest version, FluBot's DGA uses 30 domains instead of just the three previously used.
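A defender-side illustration of the DGA point above, added here and not taken from F5 Labs or the original article: since block lists lag behind generated domains, resolver logs can instead be checked for a client that fails to resolve many distinct random-looking names. The log format, thresholds and sample names are constructed assumptions, and the names are not FluBot's real output.

```python
import math
from collections import Counter, defaultdict

def label_entropy(label):
    """Shannon entropy (bits per character) of one DNS label."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def flag_dga_clients(log_lines, min_domains=10, min_entropy=3.0):
    """Return {client: sorted suspect names} for clients whose failed
    lookups look algorithmic: many distinct NXDOMAIN names whose leftmost
    label has high character entropy. Thresholds are assumed starting
    points to tune against your own resolver traffic."""
    suspects = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _ts, client, qname, rcode = fields
        name = qname.rstrip(".").lower()
        label = name.split(".")[0]
        if rcode == "NXDOMAIN" and label and label_entropy(label) >= min_entropy:
            suspects[client].add(name)  # set: repeats of one name count once
    return {c: sorted(n) for c, n in suspects.items() if len(n) >= min_domains}

# Constructed sample: "timestamp client qname rcode" (assumed log format).
# BASE rotations are stand-ins for generated names, not real DGA output.
BASE = "qwxzkvjhgfdpmty"
SAMPLE_LOG = [
    f"2022-01-10T09:00:{i:02d}Z 10.0.0.5 {BASE[i:] + BASE[:i]}.example NXDOMAIN"
    for i in range(12)
]
SAMPLE_LOG += [
    "2022-01-10T09:01:00Z 10.0.0.9 mail.example NOERROR",
    "2022-01-10T09:01:05Z 10.0.0.9 gogle.example NXDOMAIN",  # one typo, not a burst
    f"2022-01-10T09:01:09Z 10.0.0.5 {BASE}.example NXDOMAIN",  # repeated lookup
]

if __name__ == "__main__":
    for client, names in flag_dga_clients(SAMPLE_LOG).items():
        print(client, len(names), "distinct suspicious failed lookups")
```

A flagged client is a lead for triage rather than proof of infection, since a single mistyped name or a misconfigured application can also produce failed lookups.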

The latest version of the malware allows cybercriminals to open URLs on demand, steal victim contacts, uninstall existing apps, disable battery optimization for Android, abuse the Android accessibility service for screen capture and keylogging, make calls on demand, disable Play Protect, intercept and hide SMS messages in order to steal OTPs, send SMS messages with information about the victim to the C2, and download the list of applications in order to load the matching overlay screens (fake application forms).

Keep in mind that in many cases, the link to download FluBot will arrive on your device from one of your contacts, maybe even a friend or family member. So if you receive an unusual SMS containing a URL and an invitation to click on it, it is probably a message generated by FluBot. Avoid installing apps from untrusted sites, regularly check that Google Play Protect is enabled on your Android device, and use a mobile security solution from a reputable manufacturer.



Source: Informacija.rs by www.informacija.rs.
