Protect your cell phones with security software
In the statement made by ESET, android users who secure their mobile devices with ESET Mobile Security are also protected against Flubot and can detect all malware called variants of the Android / TrojanDropper.Agent family. However, many android users are not protected by a mobile security solution and are therefore vulnerable to this threat.
It looks like an “innocent” SMS from the cargo company
Redirects to fake website
People who click on the malicious link DHL; It is redirected to the website of an international logistics company that appears to be FedEX, or recently UPS. In addition, regional or local logistics companies are among the companies FluBot has impersonated. The goal is to have android users click a link similar to the FedEx app to allow them to download and install a malicious application associated with FluBot. The actual FedEx Mobile application does not ask for permission to use accessibility services.
Watch out for malicious SMS messages, fake apps and other tricks
Experts made the following recommendations to avoid exposure to the rapidly spreading FluBot attacks;
• Think twice before clicking on a link sent via SMS.
• Instead of clicking on the link, go to the official website and enter the tracking number provided to make sure it is genuine.
• Do not download applications other than official app stores such as Google Play.
• Be sure of what permissions you give apps. If you find that the requested permissions are suspiciously irrelevant to the application’s stated purpose, you may be against malware.
• Before downloading an application, research about the developer of the application, read ratings and user feedback about the application. Beware of negative comments, some apps may be too good to be true.