Recent Cyber Attacks

Follina Windows Zero-Day Vulnerability Identified

May 7, 2024

What Happened?

We were able to encounter this malware for the first time at the end of 2020, while it reached its full potential in the middle of 2021, it went viral all over the world primarily on Android phones. While most newspapers wrote that this was Android malware, the victims also appeared on iOS.

The victim receives an SMS on her phone with the information that she received the package or listens to a fake voicemail message.
The malicious message contains a link to a website containing malware, disguised as the delivery company’s application.
The victim downloads and installs the application.
Attackers then use this access to steal banking app credentials or cryptocurrency account details and disable built-in security mechanisms.
In addition to the above, the malware uploads the victim’s contacts to its C&C (Command & Control) server.
The C&C server sends a list of phone numbers to the victim’s device.
The victim’s device sends text messages to these numbers, which are other potential victims.

To avoid detection, the victim device sends messages to other numbers but not to those in its phonebook.

International Cooperation Stopping FluBot

In May 2022, this malware was stopped by international cooperation between Europol and law enforcement agencies from:

Australia: Australian Federal Police.
Belgium: Federal Police (Federale Politie / Police Fédérale).
Finland: National Bureau of Investigation (Poliisi).
Hungary : National Bureau of Investigation. (Nemzeti Nyomozó Iroda).
Ireland: An Garda Síochána.
Romania: Romanian Police (Poliția Română).
Sweden: Swedish Police Authority (Polisen).
Switzerland: Federal Office of Police (fedpol).
Spain: National Police (Policia Nacional).
Netherlands: National Police (Politie).
United States: United States Secret Service.

These few countries were coordinated by Europol’s European Cybercrime Centre (EC3), where since the first appearance of this malware (2020).

Specifically, EC3 teamed with national investigators in affected countries to establish a joint strategy and provided digital forensic support, as well as facilitated the exchange of operational information across various national entities, the agency said.

Who Is Responsible For The FluBot Malware?

Although there have been no official arrests responsible for this malware and attacks around the world, the international law-enforcement team will continue to seek the individuals behind the campaign, who are still at large, according to Europol.

Free IT Security Policies

Get a step ahead of your goals with our comprehensive templates.

Download Now

What Applications Have Been Hit By FluBot?

In the research so far, some of the following applications have been hit:

Bankinter – com.bankinter.launcher
BBVA – com.bbva.bbvacontigo
Cajasur– com.cajasur.android
Grupo Cooperativo Cajamar – com.grupocajamar.wefferent
Imagin Bank – com.imaginbank.app
Kutxabank – com.kutxabank.android
Ruralvia – com.rsi
Laboral – com.tecnocom.cajalaboral
Banco Santander – es.bancosantander.apps
Bankia – es.cm.android
Evo Banco – es.evobanco.bancamovil
IberCaja – es.ibercaja.ibercajaapp
Liber Bank – es.liberbank.cajasturapp
Openbank – es.openbank.mobile
Pibank – es.pibank.customers
Unicaja Banco – es.univia.unicajamovil
ING – www.ingdirect.nativeframe

And two related to cryptocurrency trading platforms:

Binance – com.binance.dev
Coinbase – com.coinbase.andriod

How To Prevent The FluBot Malware

Back up all your data periodically. If you have reason to believe your Android phone is infected, factory-reset your device, but be very careful because this will also erase all your unsaved personal data.
Restore your device using a backup made before you were infected and change all your passwords.
Treat all mobile links with extreme caution.
Watch out for suspicious text messages.
Fight the urge to click on links you receive via SMS, even if the message seems to come from a reliable source.
Track your deliveries independently.
Don’t log in to pages through links you receive in messages.
Don’t install apps or updates through suspicious links.
Don’t rush into any action, even if the message seems urgent.

Article by

Jason Firch, MBA

Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with over a decade of experience. He is the founder and CEO of PurpleSec.

Jason Firch, MBA

Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with over a decade of experience. He is the founder and CEO of PurpleSec.

Share This Article

Our Editorial Process

Our content goes through a rigorous approval process which is reviewed by cybersecurity experts – ensuring the quality and accuracy of information published.