Watch out - that Android security update may be malware

A warning about malware is tricking users into installing malware on their own devices

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The creators ofFluBothave launched a new campaign that uses fake Android security update warnings to trick potential victims into installing themalwareon their devices.

In a newblog post, New Zealand’s computer emergency response team Cert NZ has warned users that the message on the malware’s new installation page is actually a lure designed to instill asense of urgencythat tricks users into installing FluBot on their own devices.

The new FluBot installation page, that users are led to after receiving fake messages about pending or missed package deliveries or even stolen photos uploaded online, informs them that their devices are infected with FluBot which is a form ofAndroid spywareused to steal financial login and password data from their devices. However, by installing a new security update, they can remove FluBot from theirAndroid smartphone.

The page also goes a step further by instructing users to enable the installation of apps from unknown sources on their device. By doing so, the cybercriminals' fake security update can be installed on their device and while a user may think they’ve taken action to protect against FluBot, they’ve actually installed the malware on their smartphone themselves.

Changing tactics

Until recently, FluBot was spread to Android smartphones through spam text messages using contacts stolen from devices that were already infected with the malware. These messages would instruct potential victims to install apps on their devices in the form ofAPKsthat were delivered by attacker-controlled servers.

Once FluBot has been installed on a user’s device, the malware often tries to trick victims into giving it additional permissions as well as granting access to theAndroid Accessibilityservice that allows it to run in the background and execute other malicious tasks.

FluBot is capable of stealing a user’s payment and banking information by usingoverlay attackswhere an overlay is placed on top of legitimate banking, payment and cryptocurrency apps. As mentioned before, the malware will also steal a user’s contacts to send them phishing messages to help spread FluBot even further.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

While FluBot was mainly used to target users in Spain at its onset, its operators have since expanded the campaign to target additional countries in Europe including Germany, Poland, Hungary, UK and Switzerland as well as Australia and Japan in recent months.

ViaBleepingComputer

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Rising AI threats are making firms turn back to human intelligence

Thousands of employees could be falling victim to obvious phishing scams every month

How we test vacuum cleaners