Dangerous Trojan comes via SMS
A large number of SMS messages claiming to announce a new voice message are currently being received. Behind them is Android malware. Here is what you should do to protect your data.
Please do not click: This link is trying to infect the smartphone with “Flubot”.
Photo: schü
The SMS messages, which mobile phones hardly ever provide, carry a simple message: “New Voicemail”, followed by a link. However, this link does not lead to a voice message, but to a website that tries to infect the phone with “Flubot”.
Flubot is a malicious program that attempts to steal personal information. The Trojan horse copies the address book in order to spread further. It also targets SMS messages that carry the one-time codes used to secure logins. With Flubot, two-factor authentication can therefore be undermined for online banking, online stores, or cryptocurrency trading venues.
Danger on Android phones
This scam is called smishing, short for “SMS phishing”, or data theft via SMS. These SMS messages are a real danger for Android users. They have no effect on phones with other operating systems.
However, even on those it is better not to open the link and to delete the messages immediately. This applies generally to links that you currently receive via SMS, since there are several variants of the malware campaign that promise not a voicemail but a parcel delivery, for example by DHL, which can supposedly be tracked via the link provided.
To protect against this malware, Android users should do the following:
- Make sure your device is up to date; install updates immediately.
- Prevent your Android device from installing software that bypasses the Store, because this is how the malware gets onto the device. Where to find this setting varies by manufacturer and model; look in the settings for “Apps from Unknown Sources” or “Install Unknown Apps”. The option can either be deactivated globally, or you must deactivate it for each individual application, especially the browser.
- Note our general advice in the article “This keeps the smartphone safe”. iPhone users will also find useful information about security measures there.
Blocking the installation of applications from unknown sources is a very important security measure. Important: no app, and especially no browser, should have this authorization. If you need it for any reason, you should grant it only temporarily and make sure to deactivate it afterwards.
Screenshot: schü
If you, as an Android user, have already clicked on the link, you need to act. The German Federal Office for Information Security (BSI) recommends the following in such cases:
- Switch the device to airplane mode to prevent the malware from spreading further via SMS.
- Check the services that send you login codes by SMS, especially online banking and payment providers, and make sure there are no unauthorized charges.
- Take a backup of all important data and do a factory reset on the phone. This is a drastic measure, but it is recommended for such aggressive malware.
The BSI also recommends making a police report: you should definitely do this if debts arise or if there are concerns. In this case, the phone should only be reset after filing the complaint, as the phone serves as evidence. You should also contact your mobile operator; if necessary, it can advise on further preventive measures.
Active in all European countries
The Switch Foundation, which is responsible for networking between Swiss universities, describes the details of Flubot in a post on its security blog. According to that post, the malware, which also circulates under the names “Cabassous” and “FakeChat”, was first observed in December 2020. It was originally found in Spain, Hungary and Poland, but has since been developed further, so that it is now circulating in all European countries.
The malware uses this dialog to ask the user to grant it extensive permissions.
Screenshot: switch.ch
When Android users click on the link, an attempt is made to install the malicious app on the device. Users of other operating systems, such as iPhone users, are redirected to a fraudulent website. After installation, the app asks for permission to use the accessibility features. Because these features are so broad in scope, the malware can then grant itself additional permissions, make itself the default SMS app, read the address book, and access or block notifications.
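The two changes described above (an accessibility service being enabled and the default SMS app being replaced) can be audited from a computer over adb. The script below is an added example, not taken from the article, the BSI or Switch. It assumes the device reports both values through `settings get secure`; the allowlist is a hypothetical baseline and `com.example.voicemail` is a constructed placeholder, not a Flubot indicator.

```bash
#!/usr/bin/env bash
# Added example. Inputs come from (run on a machine with adb and USB debugging):
#   adb shell settings get secure enabled_accessibility_services
#   adb shell settings get secure sms_default_application

# Print every enabled accessibility service whose package is not allowlisted.
# $1: colon-separated "package/ServiceClass" list ("null" when none is enabled)
# $2: space-separated allowlist of package names (hypothetical baseline)
unexpected_accessibility() {
  local enabled="$1" allow=" $2 " entry pkg
  if [ -z "$enabled" ] || [ "$enabled" = "null" ]; then return 0; fi
  local IFS=':'
  for entry in $enabled; do
    pkg="${entry%%/*}"                 # component name -> package name
    case "$allow" in
      *" $pkg "*) ;;                   # exact package match, known good
      *) printf '%s\n' "$entry" ;;     # anything else needs review
    esac
  done
}

# Print findings; succeed only when there are none.
# $1 enabled services, $2 allowlist, $3 current SMS app, $4 expected SMS app
audit() {
  local findings=0 svc
  while IFS= read -r svc; do
    [ -n "$svc" ] || continue
    echo "REVIEW accessibility service: $svc"
    findings=$((findings + 1))
  done <<EOF
$(unexpected_accessibility "$1" "$2")
EOF
  if [ "$3" != "$4" ]; then
    echo "REVIEW default SMS app is '$3', expected '$4'"
    findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
}

# Constructed sample values standing in for the adb output of an affected phone.
SAMPLE_A11Y='com.google.android.marvin.talkback/.TalkBackService:com.example.voicemail/.Svc'
audit "$SAMPLE_A11Y" 'com.google.android.marvin.talkback' \
      'com.example.voicemail' 'com.google.android.apps.messaging' || true
```

A finding is a prompt to inspect the named app, not proof of infection; legitimate assistive or messaging apps appear here too until they are added to the baseline.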