FluBot, the SMS scam malware, is estimated to have infected 60,000 phones and stolen the phone numbers of 1 in 4 Spaniards



Although we have known for months about SMS scams that impersonate courier companies under various pretexts with the aim of installing a malicious application on Android phones, only now has a cybersecurity company put numbers and a name to this significant threat. It is a serious problem, mainly for Spanish users, and it only gets worse with each successive campaign.



FluBot is the name given to the malware, "because its spread rate and infection vector resemble the common flu", and these are the figures estimated by the Swiss company PRODAFT: more than 60,000 infected Android devices and 11 million stolen phone numbers. The latter figure represents 25% of the inhabitants of Spain.






Those behind this dangerous Trojan are able to access our device and our bank accounts, to the point of withdrawing money from them without the affected users noticing.




They claim that in 6 months it could steal all phone numbers in Spain







Since the end of 2020 and the beginning of 2021 we have seen a succession of campaigns that follow the same pattern: an SMS announces the arrival of a package, impersonating a logistics company, and invites the recipient to install an application, bypassing several of the phone's security systems, supposedly in order to find out where the package is.



We have seen campaigns of this type that impersonate Correos, FedEx or DHL. According to the company that has estimated the impact of the threat, the banking Trojan has also presented itself as a Chrome installation, although it would not have used this disguise as much.



PRODAFT, which has published the results of its research, was able to measure the impact of FluBot by de-anonymizing the command and control infrastructure of the botnet that has been built. In the control panel they could see that, despite its simplistic appearance, it was able to handle tens of thousands of connections with infected devices "without any performance problems". Specifically, connections with the aforementioned 60,000 Android phones.




Despite its simplistic view, the Trojan's control panel is capable of handling 60,000 connections to infected devices "without any performance issues"















The problem, beyond the infection of the device itself, is that the malware can steal money from our bank accounts through banking applications. As our colleagues at Engadget explain, those behind this dangerous Trojan are able to access our device and our accounts. They can even operate them and withdraw money without drawing attention thanks, among other reasons, to the fact that the malware can read incoming SMS messages and capture the confirmation codes that banks send to confirm operations. It is, unequivocally, one of the most dangerous and sophisticated Trojans in the history of Android.



Swiss experts point out that 97% of current victims, at least those they have been able to detect, are located in Spain. Through the infection of these devices, the attackers have also managed to steal a total of 11 million mobile phone numbers from the victims' contact lists, which represents 25% of the Spanish population.




What starts with a seemingly harmless SMS can end with our bank accounts emptied















PRODAFT states that this malware would be able to collect "almost all phone numbers in Spain within 6 months" if no action is taken. The problem, as they explain, is that FluBot's SMS propagation functionality is extremely good: it is well implemented, which allows it to work in almost all the configurations it finds on infected devices.



On the other hand, it is unknown both who is behind this threat and whether it will particularly affect other countries in the future. However, researchers have found that the malware sample contains text intended to target German-, Polish- and English-speaking users. Those affected can follow this step-by-step tutorial to uninstall the fake app from this SMS scam.