It’s FluBot season: a new form of malware has its sights set on the financial services industry, and thousands of Australians have been hit with the scam in the past couple of months.

First noted in Spain earlier this year, evidence suggests it has also spread through Europe to Poland, Germany, Hungary and the UK.

But what is FluBot and what’s the impact on businesses? In this blog, we’ll give an overview of the malware and how it works, and what you can do to protect your business.


What is FluBot Malware and how does it work?

While similar to other forms of malware, FluBot has made quick progress, spreading globally and inflicting serious damage. Between the 4th and 17th August this year, Scamwatch received 413 reports per day for all SMS-related scams including FluBot, compared to 122 between the 1st July and 3rd August.

The malware targets mobile banking and cryptocurrency-related apps on Android phones that have app side-loading enabled. Essentially, a user will receive an SMS advising that they have a voicemail or that a parcel is on its way. The message contains a link which, if clicked, will prompt the user to download an app. Once the app is downloaded, the malware has infected the device.

It will then harvest the contact list – however, it’s smart enough not to send FluBot to these numbers. Instead, it will send to random numbers (saving the user’s contact list for another victim) before blacklisting the recipients. This limits the ability to alert the user that their device has been infected.

But these are only the initial steps. The end game is to access a user’s banking credentials. The next time the user opens their banking (or crypto) app, the FluBot malware will overlay its own version of the login screen. Once the credentials are entered, the legitimate app will resume.



How do I know if I’ve been affected by FluBot?

In Australia, the main telecommunications companies – Telstra, Optus and Vodafone (TPG) – have begun directly alerting customers they believe might have been hit by the scam, but all three companies advise that it’s difficult to block the scam at a network level, as the link for the malware is constantly changing.

It’s recommended that businesses, especially those in the financial industry, alert their customers to the scam and educate them on ways to protect themselves. This is particularly important in regions where banks are liable for phishing attacks, such as throughout Europe.


Protect your business from FluBot and other malware with FraudWatch

FluBot is only the latest form of malware in a long stream of attacks by cybercriminals. And if the speed of its global spread is anything to go by, it’s clear that these attacks are becoming more sophisticated.

While individuals can stay alert and protect themselves from scams, it’s important businesses do their part as well, not only to protect from liability in some regions, but also to maintain a high level of consumer trust and strong brand reputation.

FraudWatch employs a dedicated team of analysts working 24x7x365 to protect businesses from malware, phishing attacks and much more. With the fastest takedown times (and financially backed SLAs), we’ll ensure your business remains secure from online threats.