FluBot malware now targets Europe posing as Flash Player app

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
8,104
The widely distributed FluBot malware continues to evolve, with new campaigns distributing the malware as Flash Player and the developers adding new features.
FluBot is an Android banking trojan that steals credentials by displaying overlay login forms against many banks worldwide.
For more technical details on how exactly the latest version of FluBot works, check out the F5 Labs report.
 

Correlate

Level 16
Verified
Top poster
Well-known
May 4, 2019
762

FluBot’s Authors Employ Creative and Sophisticated Techniques to Achieve Their Goals in Version 5.0 and Beyond​

In early 2020, a new sophisticated malware for Android called FluBot began to appear. On infected devices, the malware can take full remote control of the device; access victim’s contact lists; send, intercept, and hide SMS messages; log the victim’s keystrokes; steal one-time passcodes; collect personal information; carry out overlay attacks and more. Originally, the malware authors mainly targeted Spanish banks but later expanded their targets to include Australian, German, Polish, and UK banks (HSBC, Santander, Lloyds, Halifax, and others).

The figure below shows an example of the command and control (C2) panel, which contains detailed statistics about victims’ devices.
 
Top