Bogus Android security update could install dangerous malware on your phone

11comments
Bogus Android security update could install dangerous malware on your phone
Something as totally benign as a security update is being turned into a way to install malware on Android devices. Cybersecurity firm Cert NZ (via TechRadar) reports that a malicious app, known as FluBot, is being spread over Android handsets using text messages. The texts are about parcel delivery or could state that a photo of the recipient has been uploaded.

Either way, the goal of the text is to get the unsuspecting victim to click on an attached link that will ask that the recipient install an app or a security update. The irony of that is rather obvious. Just receiving the app won't infect your handset. You have to tap on the link and download the app for that to occur. In fact, iOS-powered phones can also receive the text message, but cannot get infected.

This malware attack uses your emotions, including fear, to get you to install malware on your phone


One of the texts being used to spread the malware tries to scare users into installing it with a heading that reads "Your device is infected with the FluBot software" and continues to say "Android has detected that your device has been infected. FluBot is an Android spyware that aims to steal financial login and password data from your device. You must install an Android security update to remove FluBot."

And right below that copy, written to scare the hell out of Android users, is a link that says "Install Security Update." The text even directs Android users to remove some protection they might have had against installing malicious apps. On the bottom of the message, it notes, "If a window appears preventing the installation, select "settings" and enable the installation of unknown apps."

If you click the link but do not install the app, your phone won't be infected. Still, Cert NZ suggests that if you do click on the link that you should change all of your passwords and contact your bank just to be safe. If you do click on the link and install the app, you need to wipe your phone by performing a factory reset. You should also change all of your passwords and call your bank.

FluBot has been able to trick Android users into giving it permissions while it runs in the background, creating all sorts of havoc for the device owners. FluBot has been spotted in Spain, Germany, Poland, Hungary, UK, and Switzerland as well as Australia and Japan. It can steal banking and payment information by placing overlays on top of legitimate banking, payment, and cryptocurrency apps.

Recommended Stories
To help spread the malware, FluBot will also steal a user's contacts list and send out phishing messages in an attempt to spread the infection to more Android phones. To prevent getting caught up in this scheme, do not click on any security update that doesn't come from Google. Besides, why would a legit source of a security update ask you to disable your phone's restrictions preventing the installation of unknown apps?

Another trick tries to get you to install a parcel tracker on your handset


The key to this particular scam is to get you so nervous about FluBot that you're looking for anything that you can use to block it. So the scam text gives you a lifesaver in the form of a fake software update that is designed to attack your phone with the virus that you think that you are protecting it from.

Another trick used is to get you excited about a fake package that is supposedly coming your way. This message also gives you directions on how to disable the block against installing unknown apps. Again, the bad actors are toying with your emotions since they know most people love receiving unexpected parcels.

The way to prevent your Android phone from being infected is to use common sense. Don't be quick to tap on a link and if something doesn't seem kosher about a text you receive, delete it immediately. And even if you don't live in an area where FluBot has been seen, at least not yet, you should still be knowledgeable about this scam.

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless