Attention, Android users! A banking malware capable of stealing sensitive information is “spreading rapidly” across Europe, with the U.S. likely to be the next target.
According to a new analysis by Proofpoint, the threat actors behind FluBot (aka Cabassous) have branched out beyond Spain to target the U.K., Germany, Hungary, Italy, and Poland. The English-language campaign alone has been observed to make use of more than 700 unique domains, infecting about 7,000 devices in the U.K.
In addition, German and English-language SMS messages were found being sent to U.S. users from Europe, which Proofpoint suspects could be the result of malware propagating via contact lists stored on compromised phones. A concerted campaign aimed at the U.S. is yet to be detected.
FluBot, a nascent entry in the banking trojan landscape, began its operations late last year, with campaigns leveraging the malware infecting more than 60,000 users in Spain, according to an analysis published by Proactive Defence Against Future Threats (PRODAFT) in March 2021. It’s said to have amassed more than 11 million phone numbers from the devices, representing 25% of the total population in Spain.
Primarily distributed via SMS phishing (aka smishing), the messages masquerade as a delivery service such as FedEx, DHL, and Correos, seemingly notifying users of their package or shipment delivery status along with a link to track the order, which, when clicked, downloads malicious apps that have the encrypted FluBot module embedded within them.
images from Hacker News