A fake security update tricks Android users into downloading malware that could potentially exploit their devices

October 17, 2021
fake security update Android flubot malware exploit devices

A new malware trick is reported to infect Android users by posing as a security update that users would need to download to protect their devices. However, this fake security update is the malware itself, which seems to be an effective way to scam people into downloading it unknowingly. 

FluBot malware can steal passwords, financial details, and more personal details of infected smartphones, particularly those in Android OS. Once the FluBot malware infects a device, it can exploit permission access and spread the virus to other potential victims to widen the infection chain. Apple devices are safe against FluBot even if links can be sent towards them. 

Often comes through text messages, the FluBot trojan tells victims that they missed a delivery and need to click a link and install an application that will reorganize the delivery. If the victim falls into the trap, the installed malware will proceed to infect their smartphones. 

 

FluBot malware deceives Android users by claiming that their device has already been infected and requires a security update as a fix.

 

Aside from the “missed delivery” tactic, threat actors now also use a new technique to trick people into downloading the FluBot malware into their devices. Researchers have issued a warning about scam text messages sent by threat actors stating that the FluBot itself has already infected the victim’s device. Users will be requested to download a fake security update via a link that claims to be the fix against the infection. 

Users will see a warning screen upon clicking the link from the scam SMS – with a message about their device being infected by the FluBot malware and clearly explains how it can steal the victim’s financial login data and password credentials. The threat actors revealed how the FluBot malware can damage their devices to only alarm the victims and click the link to install the fake security update. Downloading this fake security update is what will infect the device with the malware. 

The infection will allow threat actors to access and steal the victim’s personal and financial details found on the device. Moreover, it can spread itself by accessing the victim’s contacts list and sending more scam text messages. For devices already infected, the recommendation is to perform a device factory reset to remove the malware. 

Users must be more aware of not clicking any suspicious links sent randomly to prevent infections and data breaches. Although, if a user has clicked into these scam links, they must immediately contact their bank providers and discuss any possible mitigations.  

About the author

Leave a Reply