Password-stealing Android malware use deceptive security warnings to mislead you into installing


One especially cunning piece of malware is attempting to mislead Android users into installing it by saying that their smartphone is already infected with the same virus and that they require a security update.

FluBot, a kind of Android virus that steals passwords, bank details, and other sensitive information from infected cell phones, is sent through text message. FluBot also uses device permissions to propagate itself to additional victims, allowing the infection chain to continue. While the URLs may be transmitted to iPhones, FluBot cannot infect Apple devices.

FluBot assaults have often taken the form of text messages in which the receiver is informed that a delivery has been missed and is asked to click a link to install an app in order to arrange a redelivery. This programme is responsible for the malware’s installation.

However, it isn’t the only method fraudsters are employing to mislead victims into installing FluBot malware – The Computer Emergency Response Team (CERT NZ) of New Zealand has issued a warning about scam text messages that say the user is already infected with FluBot and needs to download a security update.

Following the link, the user is greeted with a red warning message that claims “your smartphone is infected with FluBot malware” and expressly indicates that FluBot is Android spyware designed to collect financial login and password information.

At this moment, the device is not infected with anything, but the malware distributors are being so “honest” about FluBot because they want the victim to worry and click a link to install a “security update,” which infects the smartphone with malware.

This grants the attackers access to all financial information they choose to steal, as well as the capacity to disseminate FluBot malware to contacts in the victim’s address book.

FluBot has been a chronic virus problem across the world, however users will not be infected if they do not click on the link. Anyone who suspects they have opened a link and downloaded FluBot malware should call their bank to discuss any strange behaviour and change all of their online account passwords to prevent hackers from gaining direct access to their accounts.

If a user has been infected with FluBot, it is also suggested that they conduct a factory reset on their phone to eradicate the infection.

It can be tough to keep up with smartphone notifications, but it’s important to remember that corporations are unlikely to encourage you to download an app via a direct link; instead, downloading legitimate apps from official app stores is the best method to attempt to stay secure while installing apps.