Europol has taken down the notorious mobile malware threat FluBot, one of the largest and fastest-growing Android malware operations in existence.
The malware operation was taken down in a law enforcement operation involving eleven countries following a complex technical investigation to pinpoint FluBot’s most critical infrastructure.
The countries involved in the operation were Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands, and the United States.
The Dutch Police announced that they have disconnected ten thousand victims from the FluBot network and prevented over 6.5 million spam SMS messages from reaching prospective victims.
In March 2021, the police in Spain arrested four suspects who were believed to be the key members of the FluBot operation, as the malware had primarily infected users in the region.
The break in its distribution did not last long, as the malware rebounded to unprecedented levels, targeting multiple other countries beyond Spain.
Europol underlines that the FluBot infrastructure is now under the control of law enforcement, so the operation cannot be reignited.
FluBot is Android malware that steals banking and cryptocurrency account credentials by overlaying phishing pages on top of the interface of legitimate apps when victims open them.
It can also access SMS content and monitor notifications, so two-factor authentication and OTP codes can also be stolen.
The malware abuses the contact list of infected devices to send SMS messages to all contacts, so the messages appear to come from a person they trust. The victim doesn’t notice anything odd, as everything happens in the background.
As a result, FluBot quickly increased the number of victims in certain places around the globe and spread like wildfire there.
The malware was also distributed through apps on the Google Play Store, fake parcel delivery messages, Flash Player app updates, and many more.
If you believe that your device might have been infected with FluBot, Europol suggests performing a factory reset, which wipes all data in the partitions that can host malware.