Experts from CERT NZ have discovered that the dangerous malware FluBot has begun using a new decoy to compromise Android devices. Attackers are trying to force users to infect their devices by showing them warnings about the need to urgently install some kind of security update, since the user’s device is allegedly already compromised … by the Flubot malware.
Potential victims are also asked to allow the installation of applications from untrusted sources if they see a warning that malware may be installed on their device.
Attackers lure users to such fraudulent pages via SMS. Usually, such messages are disguised as missed parcel deliveries or photos allegedly stolen from the victim, which have already been uploaded to the network.
Let me remind you that FluBot usually spread to other Android phones by sending text messages to contacts previously stolen from other infected devices. Users are told to install malicious applications in the form of APK files delivered from servers controlled by attackers.
Once deployed, the malware tries to trick the victim into granting additional rights on the device via the Android Accessibility service, which will allow it to hide and execute malicious tasks in the background. Ultimately, FluBot will take over the infected device, gaining access to payment and banking information.
Let me remind you that we talked about the fact that The new version of the Jupyter malware is distributed through the MSI installer.