[MART] - Daily Diary #523 - Mobile Malware FluBot Disrupted

CTAS-MAT ctas-mat at appgate.com
Wed Jun 1 21:18:51 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

06/01/2022 - Diary entry #523:

First covered in our Daily Diary #265, FluBot is a versatile Android malware that first appeared around February 2021. This threat gives the attacker many capabilities, including access to SMS messages, push notifications, contact lists, calls, and others. It can even be used as banking malware, creating overlays to steal user credentials.

In December 2021, in our Daily Diary #403, we covered FluBot's new campaign targeting Finland, where the attackers used the infected devices to spread SMShing messages, resulting in 70,000 attacks launched over SMS.

Most recently, Europol announced the takedown of the FluBot operation, which involved law enforcement authorities from 11 affected countries: Australia, Belgium, Finland, Hungary, Ireland, Romania, Sweden, Switzerland, Spain, the Netherlands, and the United States. Its infrastructure was disrupted earlier in May by the Dutch Police, making FluBot's infrastructure inactive.

As with the takedown of Emotet, covered in our Daily Diaries #194 and #195, disrupting FluBot's infrastructure is not an easy task and requires massive coordination between law enforcement from different countries. The success of this operation therefore shows the growing cooperation among those countries to disrupt cybercrime, which will most likely promote new operations. Even if FluBot resurfaces like Emotet, with a new infrastructure and possibly under the wings of a new cybercrime group, it will take time, and resources, to build a large network of infected devices.

Kind Regards,



Felipe Tarijon de Almeida
Malware Analyst

E: felipe.tarijon at appgate.com
