Europol – Takedown of SMS-based FluBot spyware infecting Android phones

An international law enforcement operation involving 11 countries has resulted in the takedown of one of the „fastest-spreading mobile malware to date”, according to a press release.

Known as FluBot, this Android malware has been spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world. Its infrastructure was successfully disrupted earlier in May by the Dutch Police, rendering this strain of malware inactive. 

This technical achievement follows a complex investigation involving law enforcement authorities of Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands and the United States, with the coordination of international activity carried out by Europol’s European Cybercrime Centre (EC3). 

The investigation is ongoing to identify the individuals behind this global malware campaign. 

Here is how FluBot worked 

First spotted in December 2020, FluBot has gained traction in 2021 and compromised a huge number of devices worldwide, including significant incidents in Spain and Finland. 

The malware was installed via text messages which asked Android users to click a link and install an application to track to a package delivery or listen to a fake voice mail message. Once installed, the malicious application, which actually was FluBot, would ask for accessibility permissions. The hackers would then use this access to steal banking app credentials or cryptocurrency account details and disable built-in security mechanisms. 

This strain of malware was able to spread like wildfire due to its ability to access an infected smartphone’s contacts. Messages containing links to the FluBot malware were then sent to these numbers, helping spread the malware ever further. 

This FluBot infrastructure is now under the control of law enforcement, putting a stop to the destructive spiral.

My device has been infected – what do I do 

FluBot malware is disguised as an application, so it can be difficult to spot. There are two ways to tell whether an app may be malware:

. If you tap an app, and it doesn’t open

. If you try to uninstall an app, and are instead shown an error message

If you think an app may be malware, reset the phone to factory settings. 

Find out more on how to protect yourself from mobile malware.