Watch out – that Android security update may be malware

The creators of FluBot have launched a new campaign that employs pretend Android stability update warnings to trick possible victims into installing the malware on their equipment.

In a new weblog publish, New Zealand’s pc emergency reaction staff Cert NZ has warned people that the message on the malware’s new set up web page is really a lure designed to instill a sense of urgency that methods people into installing FluBot on their very own equipment.

The new FluBot set up web page, that people are led to soon after getting pretend messages about pending or missed package deliveries or even stolen photos uploaded on line, informs them that their equipment are infected with FluBot which is a type of Android spyware utilized to steal financial login and password knowledge from their equipment. Even so, by installing a new stability update, they can clear away FluBot from their Android smartphone.

The web page also goes a stage even more by instructing people to empower the set up of apps from mysterious sources on their device. By undertaking so, the cybercriminals’ pretend stability update can be put in on their device and while a consumer may well think they’ve taken action to secure against FluBot, they’ve really put in the malware on their smartphone on their own.

Altering practices

Until eventually recently, FluBot was unfold to Android smartphones through spam text messages using contacts stolen from equipment that were previously infected with the malware. These messages would instruct possible victims to install apps on their equipment in the type of APKs that were delivered by attacker-managed servers.

At the time FluBot has been put in on a user’s device, the malware often tries to trick victims into offering it more permissions as properly as granting entry to the Android Accessibility company that allows it to operate in the history and execute other malicious duties.

FluBot is able of thieving a user’s payment and banking information and facts by using overlay attacks where an overlay is positioned on top rated of legitimate banking, payment and cryptocurrency apps. As stated before, the malware will also steal a user’s contacts to send out them phishing messages to support unfold FluBot even even more.

While FluBot was largely utilized to focus on people in Spain at its onset, its operators have since expanded the campaign to focus on more countries in Europe together with Germany, Poland, Hungary, United kingdom and Switzerland as properly as Australia and Japan in the latest months.

By using BleepingComputer