Dangerous Android malware is spread via SMS. Called “Flubot”, this malicious software is designed to suck all the data stored on your smartphone, including your bank details and passwords. To allay the mistrust of their victims, hackers pose as a parcel delivery service.
The National Cyber Security Center (NCSC), a British organization dedicated to computer security, warns users of an Android smartphone: spyware called Flubot currently spread by SMS.
According to the organization’s report, many Android users residing in the UK have received an SMS claiming thata package could not be delivered to their home. The message assures that it comes from a delivery service, such as DHL. The scams that evoke a package not received are legion. A few weeks ago, a similar phishing attack also targeted the French.
Spyware seeks to steal Android users’ bank details
To track the delivery of the package (entirely fictitious) and schedule a new receipt date, users are invited to install an application. The SMS relays to a dummy website which uses the interface of the delivery service. The site encourages the user to install an APK file. Obviously, this APK file has nothing to do with an Android app to track your parcels.
“The tracking application is actually spyware that steals passwords and other sensitive data” explains the National Cyber Security Center, ensuring that APK file is designed to install Flubot on victims’ smartphone. The malware then siphons a large amount of data, including passwords or online banking details. With this information, a seasoned attacker, equipped with anti-fraud detection software, can steal the money in your bank account.
If you have already installed the APK, the NCSC advises to reset your smartphone to the factory emergency settings. Then, change the passwords of all your online accounts, including those from your online banking. “If you have used these same passwords for other accounts, these must also be changed” underlines the report.
According to a study by Lab42, 59% of Internet users use the same password for all their online accounts. This very widespread practice obviously makes it easier for pirates. To choose a good password, we advise you to avoid the most classic diagrams, with a capital letter at the beginning and a symbol placed at the end, and to opt for a succession of characters which mixes punctuation, symbols, numbers and letters. Finally, to avoid forgetting your new secure code, we will recommend a password generator.
Source: National Cyber Security Center