Month: June 2021

The May/June 2021 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Back and forth in the pipeline: hacking and rehacking the US fuel firm Colonial Pipeline with Ransomware as a Service
  • Meat and greed – the world’s largest meat processing company pays a hefty USD 11 million ransom after a ransomware attack
  • When Android devices catch the flu: FluBot, the banking trojan, spreads to Android devices
  • Russian cyber spies attack government and NGO networks

The Security Report is available in both English and German.

»»  Download the English report.     »»  Download the German report.

Android FluBot enters Switzerland

FluBot is a new Android malware first discovered in December 2020. During the first few months, FluBot has been active in Spain, Hungary and Poland. Since then, the development of the malware advanced quickly and the malware has set foot in almost all European countries.

On the 18th of June 2021 FluBot version 4.6 was spotted which added a configuration for Switzerland. As of today it is actively being spamertized through SMS.

Alias Names

FluBot is known by different names. The name “FluBot” is best known because this was the name given in the first public technical writing. Below the reference to the most well known aliases:

  • January 2021, ThreatFabric was the first to give it the name “Cabassous” in a Twitter post
  • March 2021, ProDaft published a detailed technical report and gave it the name “FluBot”
  • April 2021, IBM Trusteer took a deeper look at the different FluBot versions and gave it the name “FakeChat

Distribution

FluBot is distributed using smishing (a combination from the words SMS and phishing). The victim receives an SMS with a link to an URL which distributes the APK. The installation is straight forward using sideloading.

Continue reading “Android FluBot enters Switzerland”