![norton antivirus android norton antivirus android](https://media.cybernews.com/2021/01/Norton-360-main-screen.png)
Campaigns and versionsįrom late 2020 and into early 2021, an initial Flubot campaign hit Spain and reportedly infected more than 60,000 Android devices.
![norton antivirus android norton antivirus android](https://cdn.mos.cms.futurecdn.net/ttuxbf7gEJgBUzMGMyr7AR-1200-80.jpg)
The Flubot malware does not exploit any vulnerabilities in the Android OS or targeted devices but prompts the user to manually grant two powerful system permissions. These permissions allow the attackers to steal credentials from banking and cryptocurrency apps on infected devices, using overlays and then exfiltrate one-time-password (OTP) and two-factor authentication (2FA) codes. The contact list is subsequently sent to a command-and-control (C&C or C2) server and used to seed new waves of smishing messages that are sent through infected phones (devices). After a victim falls for this social engineering trick, Flubot is downloaded to the mobile device and requests various permissions, including access to the contact list, sending SMS messages, and overlaying other applications. The landing page then presents a download button supposedly required to track the package. Flubot, also called Cabassous, is an Android banking malware (also a banking trojan) that is pushed by cybercriminals in large-scale campaigns, targeting consumers across Europe this spring.Īccess to the botnet is being sold in underground forums by the operators to criminal groups as a so-called malware-as-a-service (MAAS). The actors behind the Flubot botnet sending Smishing (SMS phishing) messages with fake notices of upcoming package deliveries and urge the victim to follow a link to track the shipment.