Locks and Security News: your weekly locks and security industry newsletter
29th November 2023 Issue no. 682
Your industry news - first
New targeted phishing campaign spreading FluBot banking Trojan
It has been reported that threat actors are using SMS text messages to spread password-stealing malware that attacks Android devices, experts have warned.
Once installed, the malware, known as FluBot, will harvest authentication details along with other personal and sensitive information. To make matters worse, the malware makes its way into a victim's address book and, in worm-like fashion, infects other devices by sending itself to all the contacts.
Commenting on this story is Burak Agca, Security engineer at Lookout:
"Mobile users across Europe are facing a new and targeted mobile phishing campaign that is spreading the FluBot banking trojan. Facebook and LinkedIn's recent data breaches of over a billion user records are providing attackers with a rich pool of targets. Threat actors are using Deutsche Post & DHL, Saturn, UPS and other popular delivery services to send victims SMS text messages purporting to validate or provide updates about shipments.
When an Android user taps the malicious link, they are forwarded to a page where they are prompted to download an app so they can track their package. Once installed, the infected app, FluBot, can intercept and send SMS messages, display screen overlays, and steal contacts. iOS users, by comparison, are directed to phishing pages that link to other malware or impersonate major banks in the hopes of stealing that user's mobile banking login credentials. Almost 80% of mobile phishing attacks are intended to deliver malware like FluBot.
FluBot may be considered Malware as a Service (MaaS), and employs a domain generation algorithm (DGA), which creates slightly different variations of a given domain name in a tactic known as domain fluxing. A good analogy is hiding the needle in a haystack, where the true Command & Control server IP may be found amongst a long list of IPs. Another well-known Malware-as-a-Service (MaaS), BancamarStealer, designed specifically to grab users' banking credentials, was discovered in 2018 and now has over 74,000 samples identified, with over 60 banking institutions worldwide affected.
Mobile security should not be seen as an optional extra on our mobile devices. Today, the majority of us are predominantly working without being attached to a corporate network. In the same way you wouldn't dream of surfing or interacting on the internet without an anti-virus, an on-demand scanner, and phishing protection on your PC, exactly the same applies to the computer in your pocket."
The full story can be found here: www.techradar.com
28th April 2021