A new smishing campaign is hitting Android and iOS users. The new malware named Flubot scams through a received SMS. Let’s see what smishing is, how the Flubot campaign works and how to defend yourself.
Table of Contents
What Is Meant By Smishing?
This is a smishing campaign that started at Easter in Romania. The SMS received advertises fake content and usually contains a voice message.
If we had to make a comparison, smishing is to SMS, as phishing is to email accounts. The ultimate goal for both techniques is the same; the attacker is looking for your personal and confidential information, whether phishing or smishing.
Smishing: The Flubot Campaign
The goal of this campaign is to steal sensitive data from poor victims. The recent campaign demonstrates how mobile users today are still unprepared and vulnerable to threats that use smishing as an attack vector.
According to Bitdefender, the campaign uses the same smishing techniques used for other scams in the past.
Flubit affects Android and iPhone users equally, but Android users remain the primary target of cybercriminals.
Flubit: How The Smishing Campaign Works
As we said before, it is still too easy to convince a user to click on a link that arrives via SMS or via a message on instant messaging applications.
If the victim clicks on the link in the SMS, he is redirected to a screen that asks to install an unknown application: “a fake answering machine app,” which would be used to listen to the voice message.
Flubit: The Mistakes To Avoid In Order Not To Fall Into The Trap
Malware asks victims for specific permissions to perform malicious operations. The unprepared user does not have any problem granting them. Here is the second error of the user; the first is the click on the link received, and the second is the installation of the malicious app.
Flubit is designed to steal information and credit card credentials from poor victims; this allows the cybercriminal to steal money and attack victims’ accounts; the malware mimics a series of real application icons to disguise itself and spread.
Flubit Apple iOS
The malware does not run on Apple IOS, but when iPhone owners access the infected links, they are redirected to phishing sites.
The scam encourages victims to answer market research questions to receive an iPhone 13 in exchange for cooperation.
How Can We Protect Ourselves From Smishing Campaigns?
These campaigns’ success factors are the absence of defense software installed on mobile devices. Security solutions must be established to detect this malware and any social engineering vector created to distribute and activate this scam.
If you think about it nowadays, our mobile devices handle a crazy amount of personal information, which simultaneously becomes a vast treasure for cybercriminals who, with this data, can lead a wide range of obviously illegal activities.
Always be wary of announcements received that promise prices are not possible; for the latest model of iPhone, you can not pay 50-100 euros, or you have an investment voucher equal to 200 euros waiting for you. IMPOSSIBLE nobody gives you anything!
When you receive an email written in incorrect Italian, raise the antennas if there is something underneath; also, if it contains an attachment or a link, trash it immediately.
Search the web to see if other users have already received similar emails.
Remember to keep the safety bar consistently high, the helmet for protection always fastened, and the attention lights always on!
Also Read: What Is Phishing?