A new smishing campaign is hitting Android and iOS users. The new malware, named Flubot, scams victims through an SMS they receive. Let’s see what smishing is, how the Flubot campaign works and how to defend yourself.
This is a smishing campaign that started at Easter in Romania. The SMS received advertises fake content and usually contains a voice message.
If we had to make a comparison, smishing is to SMS as phishing is to email accounts. The ultimate goal of both techniques is the same: whether phishing or smishing, the attacker is looking for your personal and confidential information.
The goal of this campaign is to steal sensitive data from poor victims. The recent campaign demonstrates how mobile users today are still unprepared and vulnerable to threats that use smishing as an attack vector.
According to Bitdefender, the campaign uses the same smishing techniques used for other scams in the past.
Flubot affects Android and iPhone users equally, but Android users remain the primary target of cybercriminals.
As we said before, it is still too easy to convince a user to click on a link that arrives via SMS or via a message on instant messaging applications.
If the victim clicks on the link in the SMS, they are redirected to a screen that asks them to install an unknown application: “a fake answering machine app,” which would supposedly be used to listen to the voice message.
The malware asks victims for specific permissions to perform malicious operations, and the unprepared user has no problem granting them. This is the user's second error: the first is clicking on the link received, and the second is installing the malicious app.
Flubot is designed to steal information and credit card credentials from poor victims, which allows the cybercriminal to steal money and attack victims’ accounts. The malware mimics a series of real application icons to disguise itself and spread.
The malware does not run on Apple iOS, but when iPhone owners access the infected links, they are redirected to phishing sites.
The scam encourages victims to answer market research questions to receive an iPhone 13 in exchange for cooperation.
These campaigns succeed because of the absence of defense software installed on mobile devices. Security solutions must be in place to detect this malware and any social engineering vector created to distribute and activate this scam.
If you think about it, our mobile devices nowadays handle a crazy amount of personal information, which becomes a vast treasure for cybercriminals, who can use this data to carry out a wide range of obviously illegal activities.
Always be wary of announcements that promise impossible prices: you cannot pay 50-100 euros for the latest model of iPhone, and there is no investment voucher worth 200 euros waiting for you. IMPOSSIBLE: nobody gives you anything!
When you receive an email written in incorrect Italian, raise your antennae, because there may be something behind it. Also, if it contains an attachment or a link, trash it immediately.
Search the web to see if other users have already received similar emails.
Remember to keep the safety bar consistently high, the helmet for protection always fastened, and the attention lights always on!