There’s a new virus taking over Europe and I’m not talking about the Omicron variant. I’m talking about Flubot, a banking trojan virus that takes over Android phones with a text-messaging scam. In this current outbreak, the virus is disguising itself as Flash Player, something Adobe stopped supporting last year.
Unlike the trojan that took over last year, this one doesn’t live on the Google Play store. It lives as a fake APK file (Android Package) in text messages.
How does Flubot spread?
It works like this. You get a text from someone close to you, perhaps a friend or a family member. The text includes a link and says something like “Did you upload this video?”, making you very curious and scared about what exactly the link holds.
Source: CSIRT KNF
The link gives you an APK file, which is used when installing apps. It looks like a Flash Player app and that’s awfully convenient since Flash stopped working last year. Oops! You just infected your phone and now that link is being sent to your contacts from your phone number. It also has access to your contact lists, personal information, credit card details, browser pages, and more.
For the tech-savvy ones out there, you might ask “Who would be stupid enough to install a random APK from a shady link?”. My response is that my grandfather doesn’t even know what an APK is, and neither does yours (no offence). Even if there is a very low chance of someone clicking on the link, the fact that it spreads to all of your contacts means it is extremely contagious. In fact, there have been more than 10,000 websites involved in spreading Flubot according to Netcraft. There have also been 60,000 infected devices according to Prodaft, a Swiss cyber threat intelligence company.
Source: F5 Labs
How we can stay safe from Flubot
Just because Flubot is primarily active in Europe doesn’t mean there won’t be something similar over here. Not too long ago, Asia was hit with WhatsApp Pink, a virus that spread with an APK file as well. Just like with COVID-19, we need to follow safe practices to avoid getting infected.
The good news is that your phone is probably already protecting you. There are safeguard measures like Google Play Protect and “Allow Installation from Unknown Sources” is disabled by default.
If you’re not sure if you have this set up, go to the Google Play Store, tap on the profile icon at the top right, tap Play Protect and then Settings. You’ll be able to toggle ‘Scan apps with Play Protect’ there.
Of course, if someone sends you a shady link, just don’t click on it. It’s probably a virus.
source: soyacincau