What do you get when you combine the untimely death of a hugely popular piece of software once used on everything from smartphones to PCs with the insatiable thirst for unlawful financial gains of highly skilled hackers?
A scary new malware campaign that, to be perfectly honest, should be pretty easy to avoid by now for anyone who’s done even the least amount of research possible on this sort of stuff before. Of course, it’s never too late to start educating yourself on the daily dangers of modern mobile life, and the first thing you need to keep in mind is that you should never, ever, ever, EVER download an Android app from an untrusted source.
Unfortunately, because the bad actors behind this latest “FluBot” distribution scheme know exactly what they’re doing, you might receive a link to a shady website trying to feed you the vicious aforementioned banking trojan via a bogus Flash Player app from someone you 100 percent trust, like a close friend, family member, or someone else from your contacts list.
That’s because, once your phone is infected, one of the symptoms of said infection will be the unauthorized access of your contacts, with the added malware ability to send text messages without user permission.
Bottom line, no matter where a link seems to be coming from, you should exercise good judgment and refuse to install random APK (Android Package) files. We know, we miss Adobe’s Flash too, but the San Jose-based software giant would never use APKs to revive something that’s been dead since 2020 and dying since 2017.
Of course, the sneakiness of this malware campaign’s authors can often go beyond just sending a text from one random Android user to a friend or family member. Because asking someone to download a “Flash Player” app from outside the Play Store would be too obvious a tell for many people, the malicious texts you should… simply ignore may try to fool you into opening links by advertising various video-related things.
A good idea in such a case would probably be to ask whoever sends you a message containing a potentially malicious link one or two simple questions, thus making sure their intentions are pure.
If the name FluBot happens to ring a bell, that might be because the same trojan has infected countless devices in the past using methods as diverse as posing as a security update, parcel delivery notice, and other legit apps from popular developers.
While the main goal is and always has been to steal money with the help of banking credentials you might have stored on your Android phone, the secondary purpose is to spread like wildfire by hijacking your contacts and messages.
