Android: A new Android malware is used by companies like Amazon to steal passwords from careless users. Called FluBot, the virus “spreads like the flu,” according to experts, and uses SMS to reach more victims.
Like many phishing attacks, malicious software uses social engineering to enter a user’s smartphone. Hackers fire text messages on behalf of companies like Amazon eDHL accompanied by a link to download an app to track deliveries.
The address leads to an APK installer outside the Play Store that has a fake app. If the user installs the app, the virus scans the phone to collect credentials such as logins, passwords and bank details.
Spreading like flu
FluBot also calls attention for “spreading like flu”, as Slashgear defines it. In addition to collecting sensitive user information, the virus accesses the smartphone’s calendar application to reach more victims.
The virus collects the phone numbers saved on the cell phone and sends the same text message pretending to be a delivery company and with a link to the malicious app. The method of spreading the malware is so effective that the UK government’s cybersecurity division even launched an alert for Android smartphone users.
For those who own an Android phone and received malicious links via SMS, the tip is to not click on suspicious addresses and avoid downloading installers from untrusted sources. As Apple is very restrictive with iOS and does not allow the use of apps outside the App Store, iPhone users are protected against “virtual flu”.