On October 21, 2021, the Nigeria Computer Emergency Response Team (ngCERT), announced and warned online users about the emergence of a new malware that “targets Androids with fake security updates and app installations.”
The malware called ‘Flubot’ is said to “impersonate Android mobile banking applications to draw fake web views on targeted applications.” It also steals the personal data and financial information of unsuspecting persons.
Although multiple reports show it uses different schemes found in older malware families, Flubot has caused a lot of damage within the few months of its emergence.
What is Flubot?
A malware is a generic word used to describe a virus or a malicious software, designed specially to disrupt damage or gain unauthorised access to a computer system. As such, flubot is a malware-like computer virus that can be installed on an android device via a malicious link that is sent through an SMS.
This malware can take over a user’s phone and send text messages to other people from the device without the user’s knowledge, potentially infecting them as well.
Flubot malware was first identified on Australian shores in August 2021. It was characterised by a text sent from an Australian phone number that enticed users to click on a link that would then infect their android device with malware.
How Flubots works
The malware targets different mobile apps based on the device’s language setting. So far, there have been detections of the malware targeting bank apps mainly in Spain, but evidence suggests it may move on to other markets, such as Poland, Germany, Hungary and the UK. Aside from targeting mobile banking apps, flubot also operates on cryptocurrency-related mobile apps as well, regardless of the device’s language setting.
Flubot is crafted to deceive intended targets. First, the victim receives a text message informing them about the delivery of a package. These delivery messages usually contain a link to a website that serves as a host for the malware (disguised as the delivery company’s application).
In recent times, flubot has used the DHL, UPS and FedEx brands to lure unsuspecting members of the public. When the victim downloads and installs the application, the malware uploads the victim’s contacts to its C&C (Command & Control server) and from there, the scheme is launched.
Once the malware application has been installed and opened, it asks the victim to enable its accompanying accessibility service. After the rights are granted, the malware agent grants itself several permissions by abusing the access.
Nonetheless, the questions users usually ask is: How do I know I have Flubot?
When you start to receive text messages and calls from unknown numbers inquiring about messages you sent their way, your device is most likely infected already. Also, your device is definitely under the control of flubots if it carries an application that looks like a blue cassette wrapped in a yellow envelope tagged ‘voicemail’.
How do I remove Flubot from my phone?
Although it actively protects itself from deletion, you can manually remove Flubot from your device by using android’s safe boot.
Hold down the power button and restart your phone, confirming that you wish to reboot the device in safe mode. In the system settings, look for the malware app and uninstall it. Users can also restore the factory setting of their device.
Conclusion
Flubots are designed to target the financial credentials of a user. While the malware is only a functional android device, experts are warning all mobile users to be wary of unusual activities on their devices.
This article was produced per 2021 Kwame Karikari fact – checking fellowship in partnership with National Orientation Agency (NOA) to facilitate the ethos of truth in journalism and enhance media literacy in the country.