FluBot Android Spyware Taken Down in Global Law Enforcement Operation

FluBot Android Spyware Taken Down in Global Law Enforcement Operation

An worldwide legislation enforcement procedure involving 11 countries has culminated in the takedown of a infamous mobile malware danger termed FluBot.

“This Android malware has been spreading aggressively as a result of SMS, stealing passwords, on the web banking aspects and other delicate facts from infected smartphones throughout the globe,” Europol stated in a assertion.


The “advanced investigation” involved authorities from Australia, Belgium, Finland, Hungary, Ireland, Romania, Spain, Sweden, Switzerland, the Netherlands, and the U.S.

FluBot, also named Cabassous, emerged in the wild in December 2020, masking its insidious intent at the rear of the veneer of seemingly innocuous package monitoring purposes such as FedEx, DHL, and Correos.

It mostly spreads by using smishing (aka SMS-based phishing) messages that trick unsuspecting recipients into clicking on a backlink to download the malware-laced applications.

FluBot Android Spyware

When launched, the application would progress to request obtain to Android’s Accessibility Assistance to stealthily siphon lender account qualifications and other delicate facts stored in cryptocurrency apps.

To make matters worse, the malware leveraged its entry to contacts stored in the contaminated product to propagate the infection further more by sending messages that contains inbound links to the FluBot malware.


FluBot campaigns, even though generally an Android malware, have also evolved to concentrate on iOS customers in new months, wherein people trying to entry the contaminated back links are redirected to phishing web pages and membership cons.

“This FluBot infrastructure is now below the handle of legislation enforcement, placing a prevent to the destructive spiral,” the company observed, including that the Dutch Law enforcement orchestrated the seizure very last month.

According to ThreatFabric’s mobile danger landscape report for H1 2022, FluBot was the next most active banking trojan driving Hydra, accounting for 20.9% of the samples observed amongst January and Could.

“ThreatFabric has carefully labored with regulation enforcement on the scenario,” founder and CEO Han Sahin explained to The Hacker Information.

“It can be a good get thinking about FluBot menace actors have or experienced 1 of the most resilient procedures when it arrives to distribution and hosting of their backends with DNS-tunneling as a result of community DNS-around-HTTPS expert services. This backend resilience in C2 internet hosting and fronting is what makes the endeavours of the Dutch digital crime device very amazing.”

The Dutch cybersecurity enterprise also noted that exclusive malware samples designed by the operators of FluBot stopped after May 19, coinciding with the takedown, correctly slowing their “worming attempts.”

“The all round effects [of the dismantling] on the mobile danger landscape is limited due to the fact FluBot is not the strongest Android banking trojan,” Sahin additional. “Exo, Anatsa, Gustuff, those people are a actual issue to any consumer. The electrical power at the rear of FluBot has constantly been [its] infection figures.”