Malware Report

FluBot: Text Messages Impersonating Delivery Services Companies

Several families of banking malware for Android have already appeared at the beginning of 2021, such as Toodler, Oscorp and, now, FluBot. In the first few versions of FluBot, its developers seemed to be mainly interested in stealing the credentials of clients of Spanish entities, but over the months new versions have been detected in campaigns in other European countries.

Among the latest versions, there are even samples prepared for use in campaigns in Japan, which include a different seed for the DGA and strings in Japanese for the fake messages that are shown to the victim.

Without a doubt, the expansion to other countries that we're seeing, especially in recent weeks, tells us that we're probably facing what could become one of the most active bankers this year.

Currently, versions have been detected that are used in campaigns in Spain, the United Kingdom, Hungary, Poland, Norway, Italy, Denmark, the Netherlands, Germany, Sweden, Finland and Japan. Based on what has been observed so far, the list of affected countries is expected to continue growing.

The distribution method is one of this banking trojan's main strengths: text messages impersonating delivery services companies are an effective lure for deceiving victims and getting them to install the malicious application.