The article by Umberto Rapetto, director of infosec.news
This time, if you call it "a package" and mean a scam, you are not mistaken. The latest trap for those who use a smartphone or tablet is called "FluBot" and it is "spyware", that is, software that steals passwords and other confidential data, with a particular preference for those used to carry out banking operations via the Internet.
HOW "FLUBOT" WORKS
It all begins with a trivial text message that informs the recipient of the failed delivery of a package. The sender pretends to be the transport company DHL and, while apologizing for the unintended inconvenience, asks the intended victim to install an "app" that allows the shipment to be tracked and avoids nasty surprises.
The tracking program looks like the cure for the stress of waiting, so those who receive such a request are immediately inclined to do what is recommended, especially if they are expecting a delivery or are intrigued by the thought that someone may have sent them something.
Installing the accursed malicious program requires no effort, because the criminals provide a link: tapping it on the display immediately triggers the "bomb".
As if pulling the trigger of a gun aimed at their own head, the victim with the overly quick finger activates a series of malicious instructions that instantly steal passwords, secret codes and much other information the user relies on for the most diverse purposes (such as, for example, logging into an online account and making a transfer…).
The problem seems to concern only the owners of mobile devices (smartphones and tablets) running the Android operating system, such as those produced by Samsung and Huawei, but it cannot be ruled out that the criminals are devising an "app" for those who use Apple devices as well.
Whoever ends up in this digital trap becomes a "spreader" in turn: the spyware, having immediately gained access to the address book, will use that phone to multiply the malicious message, which will thus be able to reach all the contacts of the newly "infected" person….
If you receive a "suspicious" text message:
1) you must not click on the "link",
2) you must be careful not to install any kind of application that is suggested in similar ways,
3) delete the message,
4) if you really are expecting a delivery from DHL, it is preferable to visit the official website of the shipping company or connect directly (here the link, the real one) to the tracking page to monitor the incoming package,
5) as a precaution perform a "back-up" and activate (if you have not already done so) the automatic data saving procedure.
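The lure described above and the checks in points 1 and 4 can be expressed as a small SMS triage routine. This is an added example, not part of the original article; the official-domain list, the regular expressions and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: official domains per brand; only the name "DHL" is in the article.
OFFICIAL_DOMAINS = {"DHL": {"dhl.com"}}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
INSTALL_RE = re.compile(r"\b(install|download)\b", re.IGNORECASE)

# Constructed sample messages (not real captures).
SAMPLES = [
    "DHL: your package could not be delivered. Install the tracking app: "
    "http://dhl.com.track-parcel.example/app.apk",
    "DHL: your shipment is on its way. Track it at https://www.dhl.com/tracking",
    "Lunch at 1pm tomorrow?",
]


def host_is_official(host, domains):
    """True only for an official domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def triage_sms(text):
    """Return the reasons a message matches the fake-courier lure."""
    reasons = []
    brands = [b for b in OFFICIAL_DOMAINS
              if re.search(rf"\b{re.escape(b)}\b", text, re.IGNORECASE)]
    urls = [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]
    if urls and INSTALL_RE.search(text):
        reasons.append("asks to install an app via a link")
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        for brand in brands:
            # "dhl.com.something.example" is NOT a subdomain of dhl.com.
            if not host_is_official(host, OFFICIAL_DOMAINS[brand]):
                reasons.append(f"names {brand} but links to {host}")
        if parts.path.lower().endswith(".apk"):
            reasons.append("link downloads an APK directly")
    return reasons


if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage_sms(sms) or "no lure indicators", "<-", sms[:40])
```

The host comparison is anchored on the right-hand side of the name, so a lookalike that merely starts with the brand's domain is still flagged.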
WHAT IF YOU HAVE ALREADY "CLICKED"?
Anyone who has unintentionally (or in any case without the necessary awareness) selected the link to download the application must perform the following steps to "clean up" the device and avoid the theft of accounts and passwords by cyber criminals:
a) avoid using your identification codes and the corresponding passwords until the "remediation" of the device is complete,
b) "reset" the smartphone or tablet, performing a factory reset as soon as possible,
c) take into account that the procedure for this operation varies according to the manufacturer of the device and will require time and patience,
d) be aware that if you have not enabled the back-up (i.e. the periodic backup copy, often even daily) all data will be lost,
e) be aware that only a back-up made before the installation of the "app" containing the spyware is valid, because otherwise you would be restoring already infected files and all efforts would be useless,
f) once the "reset" is complete, reinstall the information and programs that were "saved" with the back-up (obviously if one is available and is "older" than the loading of the malicious software).
A FEW TIPS FOR THE FUTURE
If you intend to protect your accounts (professional, banking, e-mail, leisure or other) it is a good idea to change the respective passwords, remembering that it is preferable for the "keys" to be different for each "lock".
In addition to carrying out a "global" back-up, if you have important documents or photos that you do not want to lose, it is absolutely worth making a copy on an external magnetic medium, to be stored carefully and not left lying around.
A good antivirus and any other security software can be an important precaution to prevent difficult situations in the future.
Better to think about it beforehand than to despair afterwards…
Article published on infosec.news
This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/vi-spiego-come-ci-si-salva-dal-malware-flubot/ on Sat, 08 May 2021 13:45:49 +0000.