Europol Confirms Takedown of SMS-based FluBot Spyware

Europol’s European Cybercrime Centre (EC3) announced the execution of an international law enforcement operation that involved 11 countries and resulted in the takedown of the so-called “FluBot” Spyware.

The technical achievement reportedly followed an investigation involving law enforcement authorities of Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands, and the United States and coordinated by EC3.

“With cases spreading across Europe and Australia, international police cooperation was central in taking down the FluBot criminal infrastructure,” said EC3.

Writing in a blog post, Europol said the task force's actions were prompted by the Android malware spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world.

Now, Europol confirmed FluBot’s infrastructure was successfully put under the control of law enforcement, following a May operation by the Dutch Police, whose actions rendered the strain of malware inactive. 

For context, FluBot was first seen in the wild in December 2020, but only gained traction in 2021, when it infected a substantial number of devices around the world, particularly in Finland and Spain.

Much like TangleBot, FluBot attached itself to a device via text messages that asked Android users to click a link and install an application (typically to track a package delivery or listen to a fake voicemail message).

Once installed, the app would ask for accessibility permissions, which were used by malicious actors to steal banking app credentials and cryptocurrency account details as well as disable built-in security features.

Interpol said the malware was particularly virulent as it multiplied automatically by accessing an infected smartphone’s contacts and forwarding itself to their devices.

EC3 also explained that since FluBot malware was disguised as an application, it could be difficult to spot. 

“There are two ways to tell whether an app may be malware: If you tap an app, and it doesn’t open [and] If you try to uninstall an app, and are instead shown an error message.”

While the FluBot infrastructure is now reportedly under the control of Dutch police forces, Europol recommended that all Android users who believe they may have accidentally installed FluBot reset their phones to factory settings.
