Flu Bot 3.9 – latest malware on Android was recently identified by CERT-AGID. The malware specifically targets Android smartphones in Spain, Germany, and Hungary. Flu Bot 3.9 malware is distributed via SMS messages. The malware pretends to be a notification coming from a DHL courier anticipating your action to respond to it.
According to the researchers the malware supports multiple languages which include Polish, Italian, Hungarian, Galician, Basque, Spanish, German, and Catalan. Though it is not activated on devices using these languages or other languages such as Uzbek, English (UK), Turkish, Tajik, Russian, Romanian, Kyrgyz, Kazakh, Georgian, Armenian, Belarusian, or Azerbaijani language.
The coded scripts written are in Russian and the exclusion of countries in the former USSR shows signs of its Russian origin.
In the image below you can see the Italian prefix present in the code which suggests it was created in Italy.
How Flu Bot 3.9 Latest Malware on Android works?
Flu Bot 3.9 Latest Malware on Android appears in the form of a harmless SMS. It is in fact an SMS with a malicious link which the victim receives before the scam is carried out. The SMS message informs the victim of a fake shipment coming. It instructs them to click on the link and redirects to a page for downloading the DHL.apk app. This obviously is not an official DHL app but a well-designed scam.
Once Flu Bot 3.9 malware gets permissions it is able to take control of any “accessibility service”. Enabling the malware to collect all sensitive data victims may have saved directly on the smartphone. This data is sent to external servers and the bad actors have access to credentials such as bank details etc which they can use for their own personal interests.
Flu Bot 3.9 is capable of hacking the address book, sending malicious SMS, disable Google Play Protect, activate unwanted services, disable two-factor authentication and uninstall important apps.
How to protect yourself from Flu Bot 3.9 Latest Malware on Android?
Prevention is better than cure, it is in your best interest not to click on any unknown link you receive via SMS. You will require permission to install the apk so avoid doing it, especially from unknown sources. As a best practice only allow genuine requests from Google Play Store.