Bitdefender reports that a scam based on the FluBot banking malware has been making a comeback in the Android ecosystem – but also on iPhone, via sideloading or the TestFlight beta program – since May. In concrete terms, the victim receives a text message claiming that a voicemail is waiting for them, or that a package (one they were not expecting) is on its way.
When the victim follows the link, they land on an external site that encourages them to download an application. On Android this can be an APK file served directly, while on iPhone the attackers usually hijack the TestFlight beta system. The application in question then immediately asks for permissions that are excessive for what it claims to do, including access to accessibility features.
How to protect against the returning FluBot malware on smartphones
The devices are then infected with the FluBot malware, which is becoming ever more sophisticated. The malware extracts the victim's contact list in order to spread to new targets. It also currently deploys a fairly aggressive routine on infected devices that searches for anything resembling credit card data and sends it to remote servers.
From there, the campaign's operators can rub their hands: they are able to use the bank cards of millions of victims with practically no effort. The malware is more or less automated, so as long as it continues to spread, the financial returns are potentially huge. There is no absolute failsafe to protect you, apart from probably installing one of the best Android or iPhone antiviruses. These often work through a VPN connection that completely blocks all domain names known to be linked to malicious campaigns. More generally, you should never click on a link received by SMS, WhatsApp or other messaging applications unless you were genuinely expecting it.
Finally, it is always advisable to think carefully about the permissions an application requests before granting them. Accessibility features, in particular, have a long history of being abused to circumvent many security mechanisms. In this case, FluBot uses accessibility features to spy on everything displayed on screen and then extract anything that looks like a credit card number.
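As an added example (not from Bitdefender's report or from this article), the following Python audit turns the advice above into a check an administrator can run against a managed Android device: from two adb outputs captured beforehand, it lists the apps that hold an enabled accessibility service and flags those whose installer is not a known store, i.e. sideloaded apps. The package names and command outputs in the samples are constructed, and the set of store installers is an assumption to adjust per fleet.

```python
"""Audit enabled Android accessibility services against installer source (added example).

Assumes the output of two adb commands was captured beforehand:
  adb shell settings get secure enabled_accessibility_services
  adb shell pm list packages -i
The sample strings below are constructed for illustration.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: colon-separated "package/ServiceClass" entries.
ENABLED_SERVICES = (
    "com.android.talkback/.TalkBackService:"
    "com.example.voicemail.player/.OverlayAccessibilityService"
)
# Constructed sample of `pm list packages -i`; installer=null means sideloaded.
PM_LIST_OUTPUT = """\
package:com.android.talkback  installer=com.android.vending
package:com.example.voicemail.player  installer=null
package:com.example.bank  installer=com.android.vending
"""
# Installer packages treated as an app store (assumption: extend for other stores).
STORE_INSTALLERS = {"com.android.vending"}


def parse_enabled_services(value: str) -> List[str]:
    """Package names that currently hold an enabled accessibility service."""
    value = value.strip()
    if value in ("", "null"):  # setting unset: no service enabled
        return []
    return [e.split("/", 1)[0] for e in value.split(":") if e]


def parse_installers(pm_output: str) -> Dict[str, Optional[str]]:
    """Map package -> installer package, or None when the app was sideloaded."""
    installers = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)$", pm_output, re.M):
        pkg, inst = m.groups()
        installers[pkg] = None if inst == "null" else inst
    return installers


def suspicious_accessibility_apps(value: str, pm_output: str) -> List[str]:
    """Packages with an active accessibility service that did not come from a store."""
    installers = parse_installers(pm_output)
    return [p for p in parse_enabled_services(value)
            if installers.get(p) not in STORE_INSTALLERS]


if __name__ == "__main__":
    for pkg in suspicious_accessibility_apps(ENABLED_SERVICES, PM_LIST_OUTPUT):
        print(f"review: {pkg} runs an accessibility service and was sideloaded")
```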