Android malware Flu Bot 3.9: the fake DHL

Time: 23/Jan By: kenglenn

In recent days, CERT-AGID has identified a new malware campaign aimed at Android smartphones in Italy. It is called Flu Bot 3.9 and it is malware spread via SMS. It pretends to be a call to action from the DHL courier. In reality, it is something quite different.

How does malware work?

The victim receives a malicious link via SMS. The content mentions a fake shipment arriving. By clicking on the link, a fake page offers to download the DHL.apk application. Of course this is not the official app, but one created specifically for the scam.

Once the permissions are obtained, the Android Flu Bot 3.9 malware is able to act as an "accessibility service". In this way, it takes possession of sensitive data saved on the smartphone. In particular, cybercriminals are interested in access credentials for services and bank accounts. The data is subsequently copied and sent to external servers.
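A check a defender can run from a computer to find apps that match this pattern (an enabled accessibility service held by an app that did not come from the Play Store), given as an added example that is not part of the original article. It assumes USB debugging and adb access, treats only the Play Store installer as trusted, and uses constructed sample output with invented package names.

```python
# Inputs are the text output of two adb commands (USB debugging enabled):
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i
# Assumption: only the Play Store counts as a trusted installer here.
TRUSTED_INSTALLERS = {"com.android.vending"}


def accessibility_packages(setting_value):
    """Package names from a colon-separated list of pkg/Service entries."""
    value = setting_value.strip()
    if not value or value == "null":  # setting is unset when nothing is enabled
        return set()
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}


def installers(pm_output):
    """Map each third-party package to its installer ("null" if none recorded)."""
    result = {}
    for line in pm_output.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith("package:"):
            continue
        tags = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
        result[fields[0][len("package:"):]] = tags.get("installer", "null")
    return result


def suspicious(setting_value, pm_output):
    """Third-party apps with an accessibility service and no trusted installer."""
    by_installer = installers(pm_output)
    return sorted(
        pkg for pkg in accessibility_packages(setting_value)
        if pkg in by_installer and by_installer[pkg] not in TRUSTED_INSTALLERS
    )


# Constructed sample output; the package names are invented for illustration.
SAMPLE_SETTING = "com.example.reader/.A11yService:com.example.parcel/.Svc\n"
SAMPLE_PM = """package:com.example.reader  installer=com.android.vending
package:com.example.parcel  installer=null
package:com.example.game  installer=null
"""

if __name__ == "__main__":
    for pkg in suspicious(SAMPLE_SETTING, SAMPLE_PM):
        print("review and remove if unrecognised:", pkg)
```

A flagged package is only a candidate for review: legitimate apps installed from other stores will also appear in the result.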

The dangers

There are several dangerous commands that the malware can perform once installed on the Android phone. Some analyses show that Flu Bot is able to:

To protect yourself from Flu Bot it is essential not to click on links contained in suspicious SMS messages. Since installing the malicious APK requires permissions, it is good to avoid resorting to unknown sources and to rely on the official apps in the Play Store.


Protect yourself from attacks

Several SMS messages received from non-authoritative sources may contain malware. However, you can avoid them by following a few tips:

How to uninstall malware

In case it is too late and malware has infiltrated your system, here are some steps that may help you get rid of the virus.

First you must try to block the invasive action of the malware by uninstalling the suspicious app. But be careful, because often the application is not deleted so easily.

Here we must therefore get around the obstacle by putting the phone in safe mode. On most devices this is a very simple procedure: press the power button as if you wanted to turn off the device, and hold it down until you are asked whether you want to activate safe mode.

At that point, third-party apps will not be able to run, including malware. Then select the Applications item to view the list of all applications on the phone, including infected ones.

By tapping on the suspicious app, you will be able to select the 'uninstall' option. Most of the time, this solves the problem.

If the uninstall option is grayed out and therefore not selectable, the virus may have made itself an administrator of the device. You will then need to exit the Applications menu and select Settings > Security > Device administration. You will find a list of all apps that have administrator status.

Just uncheck the box of the application you want to remove and click Deactivate on the next screen. You should now be able to go back to the Applications menu and remove that app.

As a last step, you will need to reboot the device to exit Safe Mode.

If even these steps fail to uninstall the virus, the only option left could be a total reset of the device.