FluBot season arrives in Australia

FluBot, an Android malware that tries to steal users' banking credentials, is targeting Australian users currently through bogus SMS texts with malicious links purporting to be voicemail notifications.

Melbourne comedian Em Rusciano was warned by Telstra on Twitter that she had been sent FluBot messages, which the telco said were hard to block as they arrive from legitimate handsets.

If users click on the booby-trapped links in the messages, they are asked by the attackers to install FluBot.

The FluBot installation will only work if users permit app installations outside of the official Google Play Store.

Security researchers observed last week that a new version of the malware had Australia added to its list of target countries.

New #Flubot 4.7 sample added +61 country code (Australia)

dcfe4d8c0265186f24f56cb774f0087cfde3d46fc0d31a7edf7e036a2006513d

cc @malwrhunterteam @danlopgom @pr3wtd @JosepAlbors pic.twitter.com/NOQ7d9WuV5

— Alberto Segura (@alberto__segura) August 5, 2021

Internet metrics company Netcraft reported last week that a number of Australian banks are being targeted by Flubot.

Apart from banking credentials stealing, FluBot can also capture credit card details, exfiltrate user contacts, and install spyware.

It will also disable the Google Play Protect anti-malware app.

Telstra advised users that most Android anti-malware utilities can clean out the FluBot infection.

Security vendor ESET said FluBot can be manually uninstalled by users, and have made a how-to video for the process.

Prior to Australia, FluBot has been active in European countries such as the Netherlands, Switzerland and Finland since May this year.

In Europe, FluBot has used a different deception, purporting to be SMS messages from a courier company.