Android has evolved a lot, so much so that it's essentially secure out-of-the-box. But, because of the operating system's ability to sideload apps, the consequences can be disastrous.
Flubot is one such banking malware that has been taking advantage of the functionality. So what is Flubot? How can it affect you? And if you've been infected, what can you do to secure your device again?
What Is Flubot Malware?
Flubot is a new Android spyware that aims to steal financial login and password data from your device.
It also reads your contact list and takes that information to find more users for the attack.
How Does Flubot Affect You?
Flubot malware uses smishing (or SMS phishing) to affect your device in the first place. You will receive an SMS that informs you about, for example, a package delivery. The SMS will include a link to track the status of the delivery.
They tend to use reputable brand names like FedEx so the SMS appears trustworthy.
If you were expecting a delivery, you are more likely to click on the link. And, if you were not, you may end up clicking the link out of curiosity. Unlike a genuine tracking link, this one will take you to a fake website that may look like FedEx or any other delivery service.
It will then ask you to download and install an Android app to check the delivery status. A user can install the Android app manually.
Once installed, it will ask for permissions that benefit the malware.
First, it will ask for access to your contacts, which it scans and sends to the attacker’s server for further SMS phishing. Your contacts may receive similar messages, so the malware spreads.
Next, it will inform you that it needs permission to draw over apps and observe the content. In other words, it will ask for accessibility permission. When you grant it, Flubot gets extended permissions to work with the same privileges as a system app.
Then, it starts observing the banking app credentials or cryptocurrency account details and uses them to steal any of your funds later.
It is worth noting that even though Flubot is spyware, it can disable Google Play Protect and uninstall other applications as well.
What Can You Do About It?
You may have noticed that this permission requirement exists for Android security apps like F-Secure or Malwarebytes. But, for any other app, allowing this permission access can be dangerous.
In this case, the only way to remove Flubot is to perform a factory reset on your device. So make sure that you have a backup of your important files.
You can try removing it via Android Debug Bridge (ADB), but avoid it unless you do not know what you are doing.
How to Stay Safe From Flubot
Flubot malware doesn't exploit any vulnerabilities on your Android smartphone. It needs manual access to work. It is best to avoid sideloading and instead install apps from the Google Play Store.
Sideloading has its benefits, but you need to verify the source of the APK file before downloading anything to your phone. You can take a look at Play Store alternative stores that you can trust.
In either case, you should avoid clicking on links, no matter whether it looks legit. Background research should help you make sure that you are clicking on a link you can trust.
Don't forget to explore more about Android permissions and how it works to decide what permissions you should allow.