Follina Windows Zero-Day Vulnerability Identified

What Happened?

We first encountered this malware at the end of 2020. It reached its full potential in the middle of 2021, when it spread all over the world, primarily on Android phones. Although most newspapers described it as Android malware, victims also appeared on iOS.

FluBot Android malware infection pattern
  • The victim receives an SMS on her phone saying that she has received a package, or listens to a fake voicemail message.
  • The malicious message contains a link to a website containing malware, disguised as the delivery company’s application.
  • The victim downloads and installs the application.
  • Attackers then use this access to steal banking app credentials or cryptocurrency account details and disable built-in security mechanisms.
  • In addition to the above, the malware uploads the victim’s contacts to its C&C (Command & Control) server.
  • The C&C server sends a list of phone numbers to the victim’s device.
  • The victim’s device sends text messages to these numbers, which are other potential victims.

To avoid detection, the victim’s device sends these messages to other numbers, not to those in its own phonebook.
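
The propagation steps and the evasion note above suggest a simple detection heuristic, shown here as an added example that is not part of the original article: flag bursts of outbound SMS that carry a link and go to several numbers absent from the device's phonebook. The log format, the function names, the sample numbers and URLs, and the thresholds are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed sample data: (ISO timestamp, recipient, message body).
SAMPLE_CONTACTS = ["+44 7700 900101", "0044 7700 900102"]
SAMPLE_OUTBOUND = [
    ("2021-06-01T10:00:00", "+447700900101", "Running late, see you at 6"),
    ("2021-06-01T10:01:00", "+447700900102", "Photos: https://photos.example.test/a"),
    ("2021-06-01T10:02:00", "+447700900201", "Your parcel is waiting: http://track.example.test/p?id=1"),
    ("2021-06-01T10:02:30", "+447700900202", "Your parcel is waiting: http://track.example.test/p?id=2"),
    ("2021-06-01T10:03:10", "+447700900203", "New voicemail: http://vm.example.test/m?id=3"),
    ("2021-06-01T14:00:00", "+447700900204", "Here is the menu https://cafe.example.test/menu"),
]

def normalize(number):
    """Reduce a number to digits so formatting differences do not hide a phonebook match."""
    digits = re.sub(r"\D", "", number)
    return digits[2:] if digits.startswith("00") else digits

def find_propagation(outbound, contacts, min_recipients=3, window=timedelta(minutes=10)):
    """Return (start, end, recipients) for each burst of link-bearing SMS sent to at
    least min_recipients distinct non-phonebook numbers (assumed tuning values)."""
    known = {normalize(c) for c in contacts}
    suspects = sorted(
        (datetime.fromisoformat(ts), normalize(to))
        for ts, to, body in outbound
        if URL_RE.search(body) and normalize(to) not in known
    )
    alerts, i = [], 0
    while i < len(suspects):
        start = suspects[i][0]
        j = i
        while j < len(suspects) and suspects[j][0] - start <= window:
            j += 1
        recipients = sorted({to for _, to in suspects[i:j]})
        if len(recipients) >= min_recipients:
            alerts.append((start, suspects[j - 1][0], recipients))
            i = j  # continue after the reported burst
        else:
            i += 1
    return alerts

if __name__ == "__main__":
    for start, end, recipients in find_propagation(SAMPLE_OUTBOUND, SAMPLE_CONTACTS):
        print(f"{start} to {end}: links sent to {len(recipients)} non-contacts {recipients}")
```

The link sent to a phonebook contact at 10:01 and the single message at 14:00 do not raise an alert; only the three-recipient burst does.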