Dubawa

FLUBOT: What you need to know about new Malware that targets users’ financial credentials

By Aisha Ali

On October 21, 2021, the Nigeria Computer Emergency Response Team (ngCERT), announced and warned online users about the emergence of a new malware that “targets Androids with fake security updates and app installations.”

The malware called ‘Flubot’ is said to “impersonate Android mobile banking applications to draw fake web views on targeted applications.” It also steals the personal data and financial information of unsuspecting persons.

Although multiple reports show it uses different schemes found in older malware families, Flubot has caused a lot of damage within the few months of its emergence.

What is Flubot?

A malware is a generic word used to describe a virus or a malicious software, designed specially to disrupt damage or gain unauthorised access to a computer system. As such, flubot is a malware-like computer virus that can be installed on an android device via a malicious link that is sent through an SMS.

This malware can take over a user’s phone and send text messages to other people from the device without the user’s knowledge, potentially infecting them as well.

Flubot malware was first identified on Australian shores in August 2021. It was characterised by a text sent from an Australian phone number that enticed users to click on a link that would then infect their android device with malware.

How Flubots works

The malware targets different mobile apps based on the device’s language setting. So far, there have been detections of the malware targeting bank apps mainly in Spain, but evidence suggests it may move on to other markets, such as Poland, Germany, Hungary and the UK. Aside from targeting mobile banking apps, flubot also operates on cryptocurrency-related mobile apps as well, regardless of the device’s language setting.

Flubot is crafted to deceive intended targets. First, the victim receives a text message informing them about the delivery of a package. These delivery messages usually contain a link to a website that serves as a host for the malware (disguised as the delivery company’s application).

In recent times, flubot has used the DHL, UPS and FedEx brands to lure unsuspecting members of the public. When the victim downloads and installs the application, the malware uploads the victim’s contacts to its C&C (Command & Control server) and from there, the scheme is launched.

Click here to continue reading

Fact Checks of the week

Humanitarian Affairs Minister did not say cash transfer is only for the North

A viral screenshot claims the minister of humanitarian affairs, Sadiya Farouk, said the government’s cash transfer policy is only for the North as there are no poor persons in…

Billionaire kidnapper, Evans, not sentenced to death by court

A popular social media personality Ayo Ojeniyi, shared in a Facebook post a video wherein it was claimed that a kidnap kingpin, Chukwudumeme Onwuamadike, popularly known as Evans, has been sentenced to death. But how true is this?

Science has not proven the effectiveness of bitter kola as antivenom

Recently, a Nigerian Air Force (NAF) personnel attached to the Defence Intelligence Agency (DIA), Lance Corporal Ogah Bercy, was reported to have died of complications from a snakebite in her toilet on 19 November 2021, at the NAF base Bill Clinton Drive, Abuja. Reports said the snake is suspected to…