Anyone with an Android device needs to be on high alert with phone owners being targeted by a new nasty threat that can end up leaving less money in their bank accounts. This attack uses the vicious FluBot malware to siphon credit card information and banking credentials which then enables cyber criminals to raid victims’ accounts and make purchases online without their permission.
It’s a growing problem with experts warning that these attacks are on the rise in countries including the UK. Of course, to get FluBot on a phone criminals need to install it and this is where hackers are trying a new trick.
As spotted by the team at Bitdefender, the attack starts via a simple text that arrives on the phone.
The message usually suggests that the victim has a voicemail waiting or a new parcel that’s out for delivery with a link attached to find out more. Once clicked, the user is taken to a webpage where they are then asked to download an official-looking app to gain access to the voice message or parcel delivery firm.
READ MORE: Google bans three popular apps! Delete them from your Android phone NOW
Of course, there is no voicemail or package to be delivered with the fake application simply installing the FluBot threat instead.
Following a campaign during the Easter break in Romania, Bitdefender says it has since started monitoring FluBot activity more closely and noticed a considerable spike during April-May. This time, most of Europe is at risk in a concerted effort from FluBot operators.
According to the Bitdefender team, the most targeted countries are Germany, Romania, UK, Poland, Spain, Sweden, Austria, Finland, and Denmark. Because FluBot activity is rising, Bitdefender highly recommends that users install a security solution capable of detecting not just FluBot itself, but also any social engineering vector designed to deploy malware.
Although Android users are most at risk, those with iOS devices should also be on alert for any unexpected text messages.
Unlike Google’s OS, Apple doesn’t allow unauthorised apps to be installed but the hackers take iPhone users to fake websites instead. The advice is clear if you get a text suggesting you have a voice mail or parcel delivery and you don’t know where the message has come from, DON’T click on any links.