Flubot

Also known as: Cabassous

Category: Malware 

Type: Banking trojan, spyware

Platform: Android

Variants: Android/Trojan.Bank.Acecard, Android/Trojan.BankBot, and Android/Trojan.Spy.Agent

Damage potential: Credential theft, financial fraud, data espionage, device takeover, privacy invasion, and network abuse.

Overview

Flubot, first discovered targeting Spanish Android users in late 2020, is a notorious piece of Android banking malware designed to steal banking credentials and other sensitive data. It primarily spreads through SMS phishing, or smishing: deceptive text messages, usually disguised as parcel delivery notifications, carry fake links that trick users into downloading malicious apps.

Once installed, Flubot abuses Android’s accessibility permissions to spy on victims. It displays fake login screens when victims open banking apps to steal their usernames and passwords.

Flubot also uses infected devices to send more phishing SMS messages, which helps the malware spread further. Some variants even employ a domain generation algorithm (DGA) to communicate with command-and-control (C2) servers, evade detection, and improve resilience against takedowns.

Possible symptoms

Detecting Flubot early can be challenging, but watch for these indicators of compromise:

  • Receiving unusual text messages with suspicious links, especially about unanticipated parcels or deliveries.
  • Frequent permission requests from apps you don’t recognize.
  • Fake login screens appearing when accessing banking or financial apps.
  • Sluggish device performance or increased battery drain.
  • Unexplained SMS messages sent from your phone to your contacts.
  • Increased phone bill due to unexplained SMS messages sent from your phone.
  • Disabled security features like Google Play Protect.
  • Apps uninstalling themselves without your consent.

Sources of infection

Flubot takes advantage of several infection methods:

  • Smishing (SMS phishing). Attackers send fake text messages that imitate parcel delivery notifications with links to download the malicious app.
  • Malicious APK files. The malware often disguises itself with package names like “com.tencent” and pretends to be a legitimate delivery app by using logos and names of well-known companies.
  • Social engineering tricks. During installation, Flubot manipulates users into granting accessibility permissions, which enable spying and data theft.
  • Fake update prompts. Some versions prompt victims to install fake updates or additional apps that grant attackers more control.
  • Spreading through infected devices. Once inside, Flubot can hijack the victim’s device to send phishing SMS messages to their contacts.

Protection 

Protect your Android device from Flubot with these steps:

  • Avoid clicking links in unexpected or suspicious text messages, especially about packages or deliveries you weren’t expecting.
  • Download apps only from official sources like the Google Play Store, never from links in text messages.
  • Always review app permissions carefully, and deny permissions that seem unnecessary, especially accessibility services.
  • Keep your Android device and security apps updated to their latest versions.
  • Enable Google Play Protect and avoid disabling it.
  • Use strong, unique passwords for banking and financial apps, and enable two-factor authentication.
  • Educate yourself and others about smishing attacks and how to spot them.
  • Consider using mobile security tools that detect malware like Flubot.

For added protection, consider using services like NordVPN’s Threat Protection. This service blocks malicious and unsafe domains via DNS filtering and provides extra security against phishing and malware.

Flubot removal

Removing Flubot might be tricky, but it can be done:

  1. Disconnect your device from the internet to cut off communication with attackers.
  2. Locate and uninstall any newly installed or suspicious apps.
  3. Revoke accessibility permissions for unknown apps in your device settings.
  4. Run a full malware scan with a trusted mobile antivirus tool.
  5. Delete any SMS messages containing suspicious links.
  6. Change passwords for all affected accounts, ideally using a clean device.
  7. If the malware persists, perform a factory reset to ensure it is fully removed.
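
For steps 2 and 3, someone with `adb` access to the device can cross-check which enabled accessibility services belong to apps that did not come from Google Play. The script below is an added example, not part of the original page; it assumes the output of the two `adb` commands named in its comments has been captured as text, and every package name in the sample data is constructed.

```python
# Added example: flag enabled accessibility services owned by apps that were
# not installed from a trusted store. Inputs are the captured text output of:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; adjust as needed (assumption)

def parse_accessibility(raw):
    """Return the set of package names that have an enabled accessibility service."""
    raw = raw.strip()
    if not raw or raw == "null":  # "null" or empty: no service enabled
        return set()
    # Entries are colon-separated components of the form package/ServiceClass.
    return {comp.split("/", 1)[0] for comp in raw.split(":") if comp}

def parse_installers(raw):
    """Map each third-party package to its installer (None if none recorded)."""
    result = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field[len("installer="):]
                installer = None if value == "null" else value
        result[fields[0]] = installer
    return result

def suspicious_services(a11y_raw, packages_raw):
    """Third-party packages with accessibility enabled and no trusted installer."""
    installers = parse_installers(packages_raw)
    flagged = []
    for pkg in sorted(parse_accessibility(a11y_raw)):
        # System packages are absent from the -3 listing and are skipped here.
        if pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS:
            flagged.append((pkg, installers[pkg] or "no installer recorded"))
    return flagged

# Constructed sample output (not from a real device or a real Flubot sample).
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.tencent.constructed.sample/.Svc:com.example.passwords/.Autofill")
SAMPLE_PACKAGES = """package:com.tencent.constructed.sample  installer=null
package:com.example.passwords  installer=com.android.vending
package:com.example.game  installer=null"""

if __name__ == "__main__":
    for pkg, origin in suspicious_services(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print(f"review and revoke: {pkg} ({origin})")
```

A flagged package is a candidate for review, not a verdict: legitimately sideloaded apps will also appear in the result.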