Authorities Take Down SMS-based FluBot Android Spyware

The takedown resulted from a global law enforcement operation involving eleven countries, headed by Europol’s European Cybercrime Center.

The European Cybercrime Center/EC3 of Europol and law enforcement agencies from eleven countries launched a joint operation to take down FluBot spyware. The investigation involved Australia, Finland, Belgium, Spain, Ireland, Hungary, Sweden, the Netherlands, Switzerland, and the USA law enforcement authorities while EC3 coordinated the operation.

Ireland’s Garda National Cyber Crime Bureau (GNCCB) was part of the investigation team. GNCCB Detective Superintendent Pat Ryan stated that “the investigation is ongoing to identify the individuals behind this global malware campaign.”

Details of the Operation

In a blog post, Europol explained that the FluBot Android malware was distributed through SMS and was capable of stealing online banking credentials, passwords, and other sensitive data. Hence, an extensive investigation was launched since FluBot spyware targeted Android smartphones across Australia, Europe, and other parts of the world.

Authorities noted that its distribution scope was widening quickly. Now the spyware is under the control of Dutch Police/Politie, which carried out the operation in May, rendering the malware strain inactive.

A Flubot alert received by one of the victims as a text message

About FluBot

FluBot malware is distributed as an application, making it difficult to detect it. The malware gets installed on the Android smartphone through text messages. The user is asked to click on a link and install an app for tracking a package delivery or access a fake voice mail message.

After the app is installed, it asks for accessibility permissions. The malware operators use the access to steal sensitive data from the smartphone, including banking app login details and cryptocurrency wallet credentials. It can also effectively disable the mobile phone’s built-in security mechanisms.

Furthermore, it doesn’t open when the user taps on the app icon, and an error message appears when the user tries to uninstall it. The notorious malware was detected in 2021 when it infected many devices in Spain and Finland.

According to Interpol, FluBot was excessively virulent. It could be multiplicated automatically by forwarding the SMS message to the infected smartphone’s contact list. To avoid infection, smartphone users should immediately reset their phones on factory settings if they believe a malicious app was downloaded on the device.

1. Microsoft takes down largest botnet network “Necurs”
2. World’s Most ‘Resilient Malware’ Botnet Emotet Taken Down
3. Authorities take down scam campaign impersonating the WHO
4. Dutch Police takes down 15 DDoS-for-hire services in one week
5. Europol takes down VPN service VPNLab used by ransomware operators