FluBot has built up a community of compromised Android phones in the UK since April and in the past 24 hours has commenced monetising them by sending overlays for British Banks.
FluBot first appeared in 2020, targeting mainly Spanish banks, but recently it has spread its reach, with Australian, German and Polish banks all affected within the last few weeks. UK banks are now firmly in its sights, with HSBC and Santander the first to be affected, and Lloyds and Halifax following shortly after.
Netcraft’s research into the Android banking malware FluBot confirms that its operations are expanding rapidly, with a spike in the number of malware distribution pages deployed, and finance applications affected in greater numbers.
In recent days new overlays have been distributed that target a number of Polish and German banks, only days after news that FluBot has begun to target Australian banks.
FluBot is distributed in the first instance using text messages, containing links to so-called “lure” pages: web pages unintentionally hosted by compromised web servers, commonly impersonating parcel tracking services, or voicemail notifications. Lure pages attempt to induce visitors to download the malware.
The FluBot strain of Android banking malware, which was initially observed in Spain in late 2020 before spreading more widely across Europe over the following months, is now targeting Australian banks.
Once installed, FluBot periodically sends a list of apps installed on the device to one of its command-and-control servers. The server responds with a list of apps the malware should overlay. Upon one of these apps being launched, FluBot immediately displays an overlay on top of the legitimate app. The overlays impersonate the legitimate apps and are designed to collect the victim’s online banking credentials, which are sent to the criminals operating FluBot via the command-and-control server.
Netcraft monitors the list of apps targeted by FluBot, and today discovered that FluBot for the first time is serving overlays for Australian banking apps, including Bank Australia, Bank of Melbourne, BankSA, CommBank, Great Southern Bank Australia, HSBC Australia, National Australia Bank, St.George Bank, Suncorp, and UBank.
Posted by Graham Edgecombe in Security
Your link here? Advertising on the Netcraft Blog