Watch out - that Android security update may be malware

Phone malware
(Image credit: Shutterstock)

The creators of FluBot have launched a new campaign that uses fake Android security update warnings to trick potential victims into installing the malware on their devices.

In a new blog post, New Zealand's computer emergency response team Cert NZ has warned users that the message on the malware's new installation page is actually a lure designed to instill a sense of urgency that tricks users into installing FluBot on their own devices.

The new FluBot installation page, that users are led to after receiving fake messages about pending or missed package deliveries or even stolen photos uploaded online, informs them that their devices are infected with FluBot which is a form of Android spyware used to steal financial login and password data from their devices. However, by installing a new security update, they can remove FluBot from their Android smartphone.

The page also goes a step further by instructing users to enable the installation of apps from unknown sources on their device. By doing so, the cybercriminals' fake security update can be installed on their device and while a user may think they've taken action to protect against FluBot, they've actually installed the malware on their smartphone themselves.

Changing tactics

Until recently, FluBot was spread to Android smartphones through spam text messages using contacts stolen from devices that were already infected with the malware. These messages would instruct potential victims to install apps on their devices in the form of APKs that were delivered by attacker-controlled servers.

Once FluBot has been installed on a user's device, the malware often tries to trick victims into giving it additional permissions as well as granting access to the Android Accessibility service that allows it to run in the background and execute other malicious tasks.

FluBot is capable of stealing a user's payment and banking information by using overlay attacks where an overlay is placed on top of legitimate banking, payment and cryptocurrency apps. As mentioned before, the malware will also steal a user's contacts to send them phishing messages to help spread FluBot even further.

While FluBot was mainly used to target users in Spain at its onset, its operators have since expanded the campaign to target additional countries in Europe including Germany, Poland, Hungary, UK and Switzerland as well as Australia and Japan in recent months.

Via BleepingComputer

TOPICS
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
These fake macOS updates are actually just looking to spread malware
Malware worm
Coordinated global mobile malware campaign targets banking apps and cryptocurrency platforms
Android phone malware
This nasty Android malware is posing as the Telegram Premium app
An iPhone sitting on a wooden table
Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Mac users targeted with new malware, so be on your guard
Latest in Security
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
ransomware avast
One of the most powerful ransomware hacks around has been cracked using some serious GPU power
person at a computer
Infamous ransomware hackers reveal new tool to brute-force VPNs
person at a computer
Many workers are overconfident at spotting phishing attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Data Breach
Thousands of healthcare records exposed online, including private patient information
Latest in News
Panos Panay and Alexa Plus
Amazon's Panos Panay teases future Alexa+ devices from speakers to possible wearables
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Samsung Galaxy Z Fold 6
New rumors predict a foldable iPhone will launch next year – and cost almost twice as much as the iPhone 16 Pro Max
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments