
Be aware of this password stealing banking malware


Last Updated on 08/01/2022 by Nidhi Khandelwal

FluBot is a banking malware for Android that steals passwords by presenting overlay login forms against a variety of banks throughout the world.


It is spread through smishing (SMS phishing) lures that include fake security upgrades, fake Adobe Flash Players, voicemail messages, and imitation parcel delivery alerts.

FluBot can steal online banking credentials, send or intercept SMS messages (including one-time passwords), and grab screenshots after it has gained access to the device.

The malware spreads quickly because it utilizes the victim’s device to send new smishing messages to all of their contacts.


According to MalwareHunterTeam, which contacted BleepingComputer, new FluBot campaigns are distributed through SMS texts asking the recipient if they meant to submit a video from their device.

CSIRT KNF shared an example of this campaign’s SMS text for Polish recipients, which may be seen below.

Version 5.0, which was released in early December 2021, is the most recent major release, whereas version 5.2 was just released a few days ago.

The malware developers paid close attention to the DGA (domain generation algorithm) system with this release, as it is critical in allowing the actors to operate freely.

On the communication side, the new FluBot now connects to the C2 through DNS tunneling over HTTPS, rather than straight HTTPS port 443, as it did previously.

DNS resolvers should be updated. Remotely update the DGA seed. Use multi-part division features to send lengthier SMS messages.

Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.