FluBot malware now targets Europe posing as Flash Player app

[silversurfer]

Content source

https://www.bleepingcomputer.com/news/security/flubot-malware-now-targets-europe-posing-as-flash-player-app/

The widely distributed FluBot malware continues to evolve, with new campaigns distributing the malware as Flash Player and the developers adding new features.
FluBot is an Android banking trojan that steals credentials by displaying overlay login forms against many banks worldwide.

For more technical details on how exactly the latest version of FluBot works, check out the F5 Labs report.

FluBot malware now targets Europe posing as Flash Player app

The widely distributed FluBot malware continues to evolve, with new campaigns distributing the malware as Flash Player and the developers adding new features.

www.bleepingcomputer.com

 

[Correlate]

FluBot’s Authors Employ Creative and Sophisticated Techniques to Achieve Their Goals in Version 5.0 and Beyond​

In early 2020, a new sophisticated malware for Android called FluBot began to appear. On infected devices, the malware can take full remote control of the device; access victim’s contact lists; send, intercept, and hide SMS messages; log the victim’s keystrokes; steal one-time passcodes; collect personal information; carry out overlay attacks and more. Originally, the malware authors mainly targeted Spanish banks but later expanded their targets to include Australian, German, Polish, and UK banks (HSBC, Santander, Lloyds, Halifax, and others).

The figure below shows an example of the command and control (C2) panel, which contains detailed statistics about victims’ devices.

FluBot’s Authors Employ Creative and Sophisticated Techniques to Achieve Their Goals in Version 5.0 and Beyond | F5 Labs

A deconstruction of FluBot 5.0’s new communication protocol and other capabilities FluBot uses to hide, making it difficult for researchers and security solutions to detect.

www.f5.com