
The FluBot attack: A preventative guide to fast-spreading malware

December 21, 2021

Telesign Team

We’ve often thought of malware and cyberattacks as something aggressive and commanding. However, sometimes the malware is deceptive, slowly gaining control of a system and becoming a dangerous threat. This type of threat is much more devastating, as it can go unchecked for longer.

FluBot is malware that deceptively attacks Android smartphones. Many people have the malware on their phones and don’t even know it, continuing to access login pages, banking information, and more.  

There’s no need to be alarmed, though, because there are plenty of ways to combat the FluBot malware. This guide provides a comprehensive breakdown and presents some dynamic, new ideas to prevent and remove FluBot.

What is FluBot?

FluBot is a form of spyware that falls under the umbrella of smishing (phishing using SMS). FluBot attacks Android users, infiltrating their contacts and private information via deceptive messages and notifications, often disguised as voicemails.

Who’s at risk of an attack?

FluBot so far is impacting European users most, but plenty of attacks are happening across the globe – including in the United States and Australia. Anyone who uses an Android smartphone is potentially susceptible to the devastating effects of FluBot. These phone types include the Samsung Galaxy, the Google Pixel, and others.  

Specifically, you are at risk of this malware attack if you use an Android phone, live in an area where attacks are prevalent, and are unaware of the tricks the bad actors use when they deliver these phony messages to smartphones. For example, if a user believes that a link in a text message is coming from a company they trust and clicks on the link, they are vulnerable to attack.

Now that you have a good sense of who is likely to fall victim to this attack, let’s see how the malware works.

How does FluBot work?

FluBot works by sending a deceptive SMS with a malicious link that infiltrates a smartphone’s contacts and information. Most commonly, these messages appear to be from a shipping company claiming to have a package delivery for the user. The message contains a link, which, if clicked, takes the person to a webpage that appears to be a reputable site belonging to a known company. The site downloads a file to the person’s smartphone and presents itself as a legitimate application during installation.

If installed, the person’s phone will be completely vulnerable to all sorts of commands that expose contacts, change important settings, and ruin working apps on the phone. A FluBot breach can lead to:

  • Stolen identity
  • Password theft
  • Fraudulent financial transactions

How do I know if I have FluBot already?

It’s not always easy to know when you’ve fallen victim to the FluBot malware, but some warning signs worth investigating include:

Slowdowns. The first thing you’ll probably notice is a change in your device’s overall functionality, including how fast it loads applications. If you’re noticing a sudden slowdown in the performance of your phone or apps, this can be a symptom of FluBot.  

Battery health. If your smartphone’s battery is draining more rapidly than usual, FluBot may have forced unauthorized applications to be running in the background.

Lagging internet. It’s nothing to worry about if a once-fast connection is slow for a day or two, but if it’s a sustained incident over a more extended time, it could be the malware at work.

Other ways to notice an infection include:

  • Your phone’s web browser randomly visiting unauthorized websites
  • System settings that are changing on their own
  • More frequent advertisements in apps and while browsing the web
  • Random applications running – unprompted – from time to time

If your phone is acting up in any of the above ways, consider your recent usage history. If you’ve clicked on any links or received any unusual messages, FluBot may be the cause of your phone’s issues.

If you don’t have any of the above symptoms, that’s great. If your device is infected, it’s not the end of the world. There are ways to get rid of the malware for good. We’ll give you some tips on keeping it that way, avoiding FluBot altogether.

Prevention and correction

Prevention should be the first part of the equation, then removal if necessary. We’ll begin by explaining how to avoid getting the FluBot malware in the first place.

How to avoid FluBot

The following are the most tried and true ways to stay safe from this type of malware:

  • Install a mobile security app. There are both free and pay-to-use antivirus systems designed for mobile use, specifically on Android. Install one of them to keep your phone safe.
  • Double-check webpages. When ready to complete a transaction or download a file on a web page, make sure you’re on the official website of the company you’re trying to do business with by double-checking the URL. The changes are often hard to spot, so look closely.
  • Avoid clicking links from unknown sources. Even when an SMS message is seemingly legitimate, you should always exercise caution if it contains a link. Be sure you trust a sender before clicking a link. You can also roll over the link before clicking to see if the URL is legitimate.
  • Keep software current. Frequently updating your Android software is a great way to ensure everything runs smoothly and is less prone to attacks.
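
The link checks above, applied to the kind of delivery and voicemail messages described under "How does FluBot work?", as an added example that is not part of the original guide. The carrier domains, sample messages and function names are constructed for illustration; replace the allowlist with the official domains your users actually deal with.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist: official domains of the carriers your users really use.
OFFICIAL_DOMAINS = {"parcelco.example", "shipfast.example"}
LURE = re.compile(r"\b(package|parcel|delivery|shipment|voicemail)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def edit_distance(a, b):
    """Levenshtein distance, to catch one-character domain changes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return 'official', 'apk', 'lookalike' or 'unknown' for one URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    # Naive registrable domain (last two labels); production code
    # should use the Public Suffix List instead.
    domain = ".".join(host.split(".")[-2:])
    if domain in OFFICIAL_DOMAINS:
        return "official"
    if parts.path.lower().endswith(".apk"):
        return "apk"  # direct Android package download outside the app store
    labels = set(re.split(r"[.\-]", host))
    for official in OFFICIAL_DOMAINS:
        brand = official.split(".")[0]
        if brand in labels or edit_distance(domain, official) == 1:
            return "lookalike"  # brand name borrowed, or a near-miss spelling
    return "unknown"

def triage_sms(text):
    """Return 'block', 'suspicious' or 'allow' for one SMS body."""
    kinds = [classify_link(u) for u in URL.findall(text)]
    if "lookalike" in kinds or "apk" in kinds:
        return "block"
    if "unknown" in kinds and LURE.search(text):
        return "suspicious"  # delivery/voicemail wording plus an unrecognised link
    return "allow"
```

The heuristic only covers links that borrow or misspell an allowlisted name; a lure hosted on an unrelated domain is reported as suspicious rather than blocked, so it complements a mobile security app and does not replace one.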

How to remove FluBot

There are a few different ways to rid yourself of FluBot, each with its pros and cons. One of the most effective yet most invasive is a complete system reset. This will get rid of the malware along with all of your current settings and stored data (images, passwords, etc.).

You can instead try to remove apps manually from your phone. Often this works best if you start the phone in Safe Mode. Of course, it’s not always easy to tell which app poses a threat, so checking your phone’s battery usage will give you a better idea.

Future outlook

The bad news is that FluBot is finding its way into places on the map it hasn’t gone before. Because of the way the attack behaves once it infiltrates a phone, it’s likely that many people are now at risk. The good news is, if you take the necessary precautions, you can avoid the malware.