{"id":4174,"date":"2022-01-08T22:24:17","date_gmt":"2022-01-08T16:54:17","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=4174"},"modified":"2022-01-08T22:24:19","modified_gmt":"2022-01-08T16:54:19","slug":"flubot-malware-now-targets-europe-assuming-as-the-flash-player-application","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/","title":{"rendered":"FluBot Malware Now Targets Europe Assuming as the Flash Player Application"},"content":{"rendered":"\n
The extensively appropriated FluBot malware extends to emerge, with new campaigns allocating the malware as Flash Player and the developers adding new features. FluBot is an Android banking trojan that hijacks credentials by displaying overlay login forms against many banks across the world.<\/p><\/p>\n\n\n\n
The SMS Phishing (smishing) allurement for its distribution consists of fake security updates, fake Adobe Flash, Players, voicemail memos, and acts like parcel delivery notice. At once the device, FluBot can hijack online banking passwords, send advance smishing messages to all their contacts, it commonly spreads like wildfire.<\/p><\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\n
Why Imitating as Flash Player?<\/strong><\/h2>\n\n\n\n
MalwareHunterTeam told Xiarch that new FluBot operations are distributed utilizing SMS texts asking the receiver if they aimed to upload a video from the device. An example of this operation\u2019s SMS text targeting Polish receiver was transmitted was shared by CSIRT KNF, as given below:<\/p><\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\n
When the receivers tap on the included link, they are brought to a page offering a fake Flash Player APK that installs the FluBot malware on the Android device.<\/p><\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\n
Android users should always avoid installing apps from APKs hosted at remote sites to protect themselves from malware. This practice is especially true for well-known brands, like Adobe, whose apps should only be installed from trusted locations.<\/p><\/p>\n\n\n\n
What are the Advance features in Update FluBot Versions?<\/strong><\/h2>\n\n\n\n
The most recent major release is version 5.0, which came out in early December 2021, while version 5.2 saw the light only a few days ago. With this release, the DGA (domain generation algorithm) system received much attention from the malware authors, as it\u2019s vital in enabling the actors to operate unobstructed.<\/p><\/p>\n\n\n\n
DGA generates many new C2 domains on the fly, making mitigation measures such as DNS blocklists ineffective. In its newest version, FluBot\u2019s DGA uses 30 top-level domains instead of just three used previously and also features a command that enables attackers to change the seed remotely.<\/p><\/p>\n\n\n\n
<\/figure><\/div>\n\n\n\n
On the communication side, the new FluBot now connects to the C2 through DNS tunneling over HTTPS, whereas previously, it used direct HTTPS port 443. The commands added on the malware in versions 5.0, 5.1, and 5.2, are the following:<\/p><\/p>\n\n\n\n
Update DNS resolvers<\/li>
Update the DGA seed remotely<\/li>
Send longer SMS messages using multi-part division functions<\/li><\/ul>\n\n\n\n
Along with the above, the latest version of FluBot retains the capability to:<\/p><\/p>\n\n\n\n
Open URLs on demand<\/li>
Get the victim\u2019s contact list<\/li>
Uninstall existing apps<\/li>
Disable Android Battery Optimization<\/li>
Abuse Android Accessibility Service for screen grabbing and keylogging<\/li>
Perform calls on demand<\/li>
Disable Play Protect<\/li>
Intercept and hide new SMS messages for stealing OTPs<\/li>
Upload SMS with victim information to C2<\/li>
Get the list of apps to load the corresponding overlay injects<\/li><\/ul>\n\n\n\n
In summary, FluBot hasn\u2019t deprecated any commands used in previous versions and only enriched its capabilities with new ones.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"
The extensively appropriated FluBot malware extends to emerge, with new campaigns allocating the malware as Flash Player and the developers adding new features. FluBot is an Android banking trojan that hijacks credentials by displaying overlay login forms against many banks across the world. The SMS Phishing (smishing) allurement for its distribution consists of fake security […]<\/p>\n","protected":false},"author":2,"featured_media":4180,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"\n
FluBot Malware Now Targets Europe Assuming as the Flash Player Application - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FluBot Malware Now Targets Europe Assuming as the Flash Player Application - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"The extensively appropriated FluBot malware extends to emerge, with new campaigns allocating the malware as Flash Player and the developers adding new features. FluBot is an Android banking trojan that hijacks credentials by displaying overlay login forms against many banks across the world. The SMS Phishing (smishing) allurement for its distribution consists of fake security […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-08T16:54:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-01-08T16:54:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/FluBot-Malware-Now-Targets-Europe-Assuming-as-the-Flash-Player-Application-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"524\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"FluBot Malware Now Targets Europe Assuming as the Flash Player Application\",\"datePublished\":\"2022-01-08T16:54:17+00:00\",\"dateModified\":\"2022-01-08T16:54:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/\"},\"wordCount\":469,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/\",\"url\":\"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/\",\"name\":\"FluBot Malware Now Targets Europe Assuming as the Flash Player Application - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2022-01-08T16:54:17+00:00\",\"dateModified\":\"2022-01-08T16:54:19+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"FluBot Malware Now Targets Europe Assuming as the Flash Player Application\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"FluBot Malware Now Targets Europe Assuming as the Flash Player Application - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/","og_locale":"en_US","og_type":"article","og_title":"FluBot Malware Now Targets Europe Assuming as the Flash Player Application - Xiarch Solutions Private Limited","og_description":"The extensively appropriated FluBot malware extends to emerge, with new campaigns allocating the malware as Flash Player and the developers adding new features. FluBot is an Android banking trojan that hijacks credentials by displaying overlay login forms against many banks across the world. The SMS Phishing (smishing) allurement for its distribution consists of fake security […]","og_url":"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2022-01-08T16:54:17+00:00","article_modified_time":"2022-01-08T16:54:19+00:00","og_image":[{"width":1000,"height":524,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/FluBot-Malware-Now-Targets-Europe-Assuming-as-the-Flash-Player-Application-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"FluBot Malware Now Targets Europe Assuming as the Flash Player Application","datePublished":"2022-01-08T16:54:17+00:00","dateModified":"2022-01-08T16:54:19+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/"},"wordCount":469,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/","url":"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/","name":"FluBot Malware Now Targets Europe Assuming as the Flash Player Application - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2022-01-08T16:54:17+00:00","dateModified":"2022-01-08T16:54:19+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/flubot-malware-now-targets-europe-assuming-as-the-flash-player-application\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"FluBot Malware Now Targets Europe Assuming as the Flash Player Application"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/4174"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=4174"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/4174\/revisions"}],"predecessor-version":[{"id":4181,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/4174\/revisions\/4181"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/4180"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=4174"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=4174"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=4174"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"FluBot-Malware-Now-Targets-Europe-Assuming-as-the-Flash-Player-Application-image1\"](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/FluBot-Malware-Now-Targets-Europe-Assuming-as-the-Flash-Player-Application-image1-1024x606.jpg\")
<\/figure><\/div>\n\n\n\n![\"FluBot-Malware-Now-Targets-Europe-Assuming-as-the-Flash-Player-Application-image2\"](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/FluBot-Malware-Now-Targets-Europe-Assuming-as-the-Flash-Player-Application-image2.jpg\")
<\/figure><\/div>\n\n\n\n![\"FluBot-Malware-Now-Targets-Europe-Assuming-as-the-Flash-Player-Application-image3\"](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/FluBot-Malware-Now-Targets-Europe-Assuming-as-the-Flash-Player-Application-image3-1024x576.jpg\")
<\/figure><\/div>\n\n\n\n![\"FluBot-Malware-Now-Targets-Europe-Assuming-as-the-Flash-Player-Application-image4\"](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/FluBot-Malware-Now-Targets-Europe-Assuming-as-the-Flash-Player-Application-image4-1024x813.png\")
<\/figure><\/div>\n\n\n\n