Google recently boasted of the success of its efforts last year to protect the Google Play Store and Android devices, mainly using advanced machine learning technology. This, however, does not cover applications obtained outside the Play Store or the phones that install them. The very open nature of Android sometimes works against it for this reason, as in the case of the FluBot malware, which is spreading quickly like a real virus, sending itself to the people in your phone's address book and stealing your passwords.
The way the malware works is not exactly sophisticated and depends on good old social engineering. Victims receive a text message claiming to be from a popular courier service, such as DHL or Amazon. The message includes a link that it urges people to tap to track their packages.
As most would probably have guessed, this link opens a web page that instead downloads an Android APK and asks users to install it. By default, Android does not allow installation of apps from unverified third-party sources, but the site is kind enough to provide instructions on how to change this. After a phone is infected, the malware allegedly steals passwords, online banking details and other sensitive information stored on the phone.
Like the flu, FluBot also scans your phone's address book to send the same phishing message to your contacts, which is how it is spreading so quickly among Android phones. Given how locked down iPhones are, Apple iOS device owners are immune to this trick, but the UK's National Cyber Security Centre (NCSC) still recommends that iPhone users play it safe and not open those links anyway.
The report raises the question of how passwords and login credentials, which are often encrypted or protected on Android and in most browsers, can be stolen so easily, although this is not exactly unknown. Unfortunately, there is no fix for those already infected apart from performing a factory reset of their phones. It may not be so bad for those with backups, but users should be careful when restoring backups made after the phone was infected by FluBot.