There's a new malware threat you need to be aware of

It recently made its way onto the UK's National Cyber Security Centre's radar. Called FluBot, it is designed to steal information including passwords and banking particulars. A couple of aspects of this threat are noteworthy.

FluBot is able to spy on consumers and access contact details once it infiltrates a user’s phone system. It can even go on a text message spree that will send out more malicious messages to further spread the spyware.

 

How FluBot works

First, it is currently being spread exclusively via text message. A potential victim will get a text claiming to be from a shipper. The text will include a link that the user can tap in order to install a package tracking app. Of course, there is no package and thus, no package tracking app, so if the user taps this link, it will actually install the FluBot malware.

Worse, the code contains a module that gives FluBot worm-like capabilities. That allows it to access the victim's contact list and send poisoned texts to each person on that contact list, allowing it to spread like wildfire.

Britain’s National Cyber Security Centre reports that the malicious messages have claimed to be from DHL so far, but researchers warn that other delivery companies can easily be cited for the purposes of the scheme. The organization also reports that Apple device users are not currently at risk, but it’s possible the scam text messages might still redirect them to a website that may steal their personal information.

Protecting yourself against FluBot
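For a help desk that triages texts employees report, the pattern described above (a shipper's name next to a link that does not lead to the shipper's own site, or that points at an app file) can be checked mechanically. This Python code is an added example, not part of the original post; the brand-to-domain table, the function names, and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: official domains for the shippers you deal with; extend as needed.
OFFICIAL_DOMAINS = {"dhl": ("dhl.com",), "fedex": ("fedex.com",)}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
LURE_RE = re.compile(r"\b(track|parcel|package|delivery|install|app)\b", re.IGNORECASE)

def host_is_official(host, domains):
    """True only for the domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage_sms(text):
    """Return the reasons a text looks like a delivery-lure message (empty if none)."""
    reasons = []
    brands = [b for b in OFFICIAL_DOMAINS
              if re.search(rf"\b{re.escape(b)}\b", text, re.IGNORECASE)]
    for url in URL_RE.findall(text):
        parts = urlsplit(url)
        host = parts.hostname or ""
        for b in brands:
            if not host_is_official(host, OFFICIAL_DOMAINS[b]):
                reasons.append(f"names {b.upper()} but links to {host}")
        # Android apps are shipped as .apk files; a text should never hand you one.
        if parts.path.lower().endswith(".apk"):
            reasons.append(f"link points to an Android package on {host}")
    if reasons and LURE_RE.search(text):
        reasons.append("uses parcel-tracking wording")
    return reasons

SAMPLES = [  # constructed messages, not real captures
    "DHL: your parcel is arriving, track it here: https://dhl.com.parcel-example.test/app.apk",
    "DHL: manage your delivery at https://www.dhl.com/track",
    "Lunch at 1pm? Menu: https://example.org/menu",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage_sms(msg) or "no delivery-lure indicators", "<-", msg)
```

The first sample shows why the host check matches on the end of the hostname: a lookalike that merely begins with the shipper's domain is still flagged.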

Dealing with malware is a hassle, so it’s important that everyone is aware of what to look out for when it comes to these scams. If you do receive a text message from a company that you don’t normally do business with or someone you don’t frequently get text messages from, that should immediately raise red flags.

If you receive one of these suspicious messages, this is what you should do:

  1. Do not click the link in the message, and do not install any apps if prompted.

  2. Forward the message to 7726 (SPAM), a free spam reporting service endorsed by the Federal Trade Commission (FTC) and offered by telephone companies.

  3. Delete the message.

  4. In situations in which you were actually expecting a DHL delivery, it’s recommended that you visit the official DHL website to track your delivery. Make sure that you do not use the link in the scam text message.

If you have already clicked the link to download the application, you are going to have to do a system reset and wipe your device clean. One important thing: Do not enter your phone’s password or log into any accounts until you have done all the steps.

  1. Perform a factory reset. The process for a reset on an Apple device is here; for Android devices, follow the steps posted here. Sadly, you will lose the data on your phone if you don’t have a backup installed for your device.

  2. Once you set up the device after the reset, you might be asked if you want to restore it from a backup. Make sure that you are not restoring to a version of your phone that came after you downloaded the malicious app because that backup will also be infected.

Two final suggestions: take preventive measures if you haven’t been hit by FluBot. Back up your device and only install apps from your device’s “official” app store like Apple’s App Store and Google’s Play Store. An additional suggestion for Android users is to make sure Google’s Play Protect is enabled on your device. Every additional layer of protection is worth the effort when fighting against malware and spyware.

You should also investigate steps the FTC suggests as possible ways to protect your phone from malware and spyware. Those suggestions are available here.

 

What about anti-malware defenses?

For the moment, FluBot is circulating primarily in Europe. However, given the peculiar nature of its spread mechanism, it could easily jump to the United States with a vengeance, or any other part of the world.

Unfortunately, there's no good automatic defense against FluBot at present, aside from education and awareness. Make sure your employees are aware of the threat and are careful not to click on any links promising to track packages, even if they're expecting a delivery. It is far better to simply open a new browser window, type in the URL of the shipper you're expecting a package from, and track the package that way, rather than risking an infection that could put a wide range of sensitive data at risk and cause problems for everyone on your contact list.

 

My perspective

Stay vigilant. This won't be the last threat to emerge in 2021.

 

As Hill Street Blues' Sgt. Esterhaus always advised - "Hey, let's be careful out there!"

 

 


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support


I am also a published author and speaker on cloud computing, work@home, and cybersecurity. I work extensively with business and professional associations to provide small business technology education programs.

 
