Shop Plans

Follina Windows Zero-Day Vulnerability Identified

Contents

What Happened?

We were able to encounter this malware for the first time at the end of 2020, while it reached its full potential in the middle of 2021, it went viral all over the world primarily on Android phones. While most newspapers wrote that this was Android malware, the victims also appeared on iOS.

FluBot Android malware infection pattern
  • The victim receives an SMS on her phone with the information that she received the package or listens to a fake voicemail message.
  • The malicious message contains a link to a website containing malware, disguised as the delivery company’s application.
  • The victim downloads and installs the application.
  • Attackers then use this access to steal banking app credentials or cryptocurrency account details and disable built-in security mechanisms.
  • In addition to the above, the malware uploads the victim’s contacts to its C&C (Command & Control) server.
  • The C&C server sends a list of phone numbers to the victim’s device.
  • The victim’s device sends text messages to these numbers, which are other potential victims.

To avoid detection, the victim device sends messages to other numbers but not to those in its phonebook.

.

International Cooperation Stopping FluBot

In May 2022, this malware was stopped by international cooperation between Europol and law enforcement agencies from:

  • Australia: Australian Federal Police.
  • Belgium: Federal Police (Federale Politie / Police Fédérale).
  • Finland: National Bureau of Investigation (Poliisi).
  • Hungary : National Bureau of Investigation. (Nemzeti Nyomozó Iroda).
  • Ireland: An Garda Síochána.
  • Romania: Romanian Police (Poliția Română).
  • Sweden: Swedish Police Authority (Polisen).
  • Switzerland: Federal Office of Police (fedpol).
  • Spain: National Police (Policia Nacional).
  • Netherlands: National Police (Politie).
  • United States: United States Secret Service.

These few countries were coordinated by Europol’s European Cybercrime Centre (EC3), where since the first appearance of this malware (2020).

Specifically, EC3 teamed with national investigators in affected countries to establish a joint strategy and provided digital forensic support, as well as facilitated the exchange of operational information across various national entities, the agency said.

Who Is Responsible For The FluBot Malware?

Although there have been no official arrests responsible for this malware and attacks around the world, the international law-enforcement team will continue to seek the individuals behind the campaign, who are still at large, according to Europol.

Free Security Policy Templates

Get a step ahead of your cybersecurity goals with our comprehensive templates.

Download Now
IT Security Policy Templates

What Applications Have Been Hit By FluBot?

In the research so far, some of the following applications have been hit:

  • Bankinter – com.bankinter.launcher
  • BBVA – com.bbva.bbvacontigo
  • Cajasur– com.cajasur.android
  • Grupo Cooperativo Cajamar – com.grupocajamar.wefferent
  • Imagin Bank – com.imaginbank.app
  • Kutxabank – com.kutxabank.android
  • Ruralvia – com.rsi
  • Laboral – com.tecnocom.cajalaboral
  • Banco Santander – es.bancosantander.apps
  • Bankia – es.cm.android
  • Evo Banco – es.evobanco.bancamovil
  • IberCaja – es.ibercaja.ibercajaapp
  • Liber Bank – es.liberbank.cajasturapp
  • Openbank – es.openbank.mobile
  • Pibank – es.pibank.customers
  • Unicaja Banco – es.univia.unicajamovil
  • ING – www.ingdirect.nativeframe

And two related to cryptocurrency trading platforms:

  • Binance – com.binance.dev
  • Coinbase – com.coinbase.andriod

How To Prevent The FluBot Malware

  • Back up all your data periodically. If you have reason to believe your Android phone is infected, factory-reset your device, but be very careful because this will also erase all your unsaved personal data.
  • Restore your device using a backup made before you were infected and change all your passwords.
  • Treat all mobile links with extreme caution.
  • Watch out for suspicious text messages.
  • Fight the urge to click on links you receive via SMS, even if the message seems to come from a reliable source.
  • Track your deliveries independently.
  • Don’t log in to pages through links you receive in messages.
  • Don’t install apps or updates through suspicious links.
  • Don’t rush into any action, even if the message seems urgent.

Article by

Picture of Jason Firch, MBA
Jason Firch, MBA
Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with over a decade of experience. He is the founder and CEO of PurpleSec.
Linkedin
Picture of Jason Firch, MBA
Jason Firch, MBA
Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with over a decade of experience. He is the founder and CEO of PurpleSec.

Share This Article

Our Editorial Process

Our content goes through a rigorous approval process which is reviewed by cybersecurity experts – ensuring the quality and accuracy of information published.

Categories

AI Security

Cybersecurity Strategy

General Cybersecurity

Network Security

Penetration Testing

Ransomware

Recent Cyber Attacks

Small Business

Social Engineering

Vulnerability Management

The Breach Report

Our team of security researchers analyze recent cyber attacks, explain the impact, and provide actionable steps to keep you ahead of the trends.

Learn More

Related Breaches

PurpleSec

Get Secure Today.

Founded in 2019, PurpleSec is a veteran-owned cybersecurity company with a mission to help SMBs and startups affordably meet their security requirements.

Explore The Savings

Our Solutions

Virtual CISO

Defiance XDR

Social Engineering

Vulnerability Mgmt

Penetration Testing

Contact Us

Why PurpleSec?

About Us

Our Location

How We Work

Our Leadership

Our Mission & Values

Linkedin Youtube Twitter

Learn With PurpleSec

Blog

Podcasts

Recent Cyber Attacks

Cybersecurity Insights

View All Resources