FluBot is a new Android malware first discovered in December 2020. During the first few months, FluBot was active in Spain, Hungary and Poland. Since then, development of the malware has advanced quickly and it has set foot in almost all European countries.
On the 18th of June 2021, FluBot version 4.6 was spotted, which added a configuration for Switzerland. As of today, it is actively being spamvertized through SMS.
FluBot is known by different names. The name “FluBot” is the best known because it was the name given in the first public technical write-up. The references for the best-known aliases are listed below:
January 2021, ThreatFabric was the first to give it the name “Cabassous” in a Twitter post
March 2021, ProDaft published a detailed technical report and gave it the name “FluBot”
April 2021, IBM Trusteer took a deeper look at the different FluBot versions and gave it the name “FakeChat”
FluBot is distributed using smishing (a combination of the words SMS and phishing). The victim receives an SMS with a link to a URL which distributes the APK. The installation is straightforward and uses sideloading.