Europol Confirms Takedown of SMS-based FluBot Spyware

Europol’s European Cybercrime Center (EC3) announced the execution of an international law enforcement operation that involved 11 countries and resulted in the takedown of the so-called “FluBot” spyware.

The technical achievement reportedly followed an investigation involving law enforcement authorities of Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands, and the United States and coordinated by EC3.

“With cases spreading across Europe and Australia, international police cooperation was central in taking down the FluBot criminal infrastructure,” said EC3.

Writing in a blog post, Europol said the task force’s actions were prompted by the Android malware spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world.

Now, Europol confirmed FluBot’s infrastructure was successfully put under the control of law enforcement, following a May operation by the Dutch Police, whose actions rendered the strain of malware inactive.

For context, FluBot was first seen in the wild in December 2020, but only gained traction in 2021, when it infected a substantial number of devices around the world, particularly in Finland and Spain.

Much like TangleBot, FluBot attached itself to a device via text messages that asked Android users to click a link and install an application (typically to track a package delivery or listen to a fake voicemail message).

Once installed, the app would ask for accessibility permissions, which were used by malicious actors to steal banking app credentials and cryptocurrency account details as well as disable built-in security features.

Interpol said the malware was particularly virulent as it automatically multiplied by accessing an infected smartphone’s contacts and forwarding itself to their devices.

EC3 also explained that since FluBot malware was disguised as an application, it could be difficult to spot.

“There are two ways to tell whether an app may be malware: If you tap an app, and it does not open [and] If you try to uninstall an app, and are instead shown an error message.”

While the FluBot infrastructure is now reportedly under the control of Dutch police forces, Europol recommended that all Android users who believe they may have accidentally installed FluBot reset their phones to factory settings.
