Bogus delivery advice text message is malware that can steal data

What Mobile
April 28, 2021

It can infiltrate both Android and iOS devices

A bogus SMS text claiming to be a package delivery notification is actually mobile malware spread by hackers seeking to distribute malicious apps laced with the banking trojan FluBot (aka Cabassous).

Once the malware is downloaded, the app can intercept SMS messages, steal contact information, and display screen overlays to trick users into handing over their credentials.

Hank Schless, senior manager, security solutions at Lookout, explains that attackers are taking advantage of the recent Facebook data leakage, in which the information of over 500 million users was exposed.

Schless said: “And what’s unique about the campaign is that it has different kill chains depending on whether the target uses an iOS or Android device. For Android and some iOS victims, they are directed to a website that prompts them to download an app.

“For other iOS targets, they are shown fake online banking pages to trick them into giving up their credentials. What makes FluBot more sophisticated than other MaaS is its use of a domain generated algorithm (DGA). This algorithm creates slightly different variations of a given domain name – a technique known as domain fluxing – to hide its command-and-control server IP address among a long list of benign domains.

“As we’ve seen with BancaMarStealer, MaaS trojans are frequently reused. Since FluBot is even stealthier than BancaMarStealer, it is very likely that we will see similar growth in FluBot variants”.
