FluBot aims to steal the financial account credentials of its targets by overlaying phishing pages on top of the original banking and cryptocurrency apps. In addition, the malware can access SMS data, start phone calls, and supervise incoming notifications to intercept them for gathering messages such as OTPs.
The FluBot operators utilise SMS messages claiming to include links to missed call notifications, voicemails, or reminders about incoming money from unknown transactions. The links in these phishing messages redirect the targets to a website that holds the FluBot APK. The website will then ask the victims to download and install the app to learn about the fake transaction details.
Furthermore, the actors will use the contacts list to deploy a second-wave SMS from compromised devices. Since these compromised messages come from a known source, the recipients will trust these sources and are more likely to access them and infect their gadgets.
FluBot operators will instantly subscribe to iOS users since they know that Apple users are more likely to have monetary funds.
The FluBot threat actors will waste any opportunity to monetise if their malicious SMS infects an iPhone user. They will instantly redirect Apple users to premium subscription frauds to ensure they will not skip them.
If a target’s device is already infected with FluBot, resetting the system to factory defaults should remove the malware. However, if the infected user plans to restore a backup, it is essential to double-check that the backup does not contain the malware.
Moreover, suppose a targeted entity uses a banking application after the infection. In that case, it is essential to reach out to the bank corresponding to the app installed in the infected device and wait for instructions. It is also crucial to monitor all transactions and report any suspected fraudulent activities.
Experts recommend resetting all passwords for all accounts used to mitigate the chances of financial loss. iPhone users who have not deliberately subscribed to premium services through a FluBot SMS should contact their carrier and request the cancellation of the subscription.