The particularly flashy Flubot malware is now spreading in Finland.
DVV / Kimmo Rousku
Last week, Iltalehti reported how the Flubot malware has started to be actively distributed to Android phones in Finland again. The Finnish Transport and Communications Agency Traficom also issued a warning.
The malware is spread with scam messages that try to get it downloaded to your phone. Kimmo Rousku, leading specialist of the Digital and Population Information Agency, decided to try out how the installation is done. Rousku tweeted about it on his own Twitter account.
Rousku tells Iltalehti that he received an SMS message on his phone claiming that he had received mail. The message contained a link that it tries to get the recipient to open. The theme of the messages varies, but the most recent ones have been mail-themed.
– These messages from the Flubot malware campaign have been huge in number: hundreds of thousands, if not millions, Rousku says, estimating the situation in Finland.
When Rousku opened the link, he was taken to a fake website asking him to download the “Voicemail” app, which would supposedly allow him to listen to the “message left to him”. Rousku estimates that criminals may try to get recipients to install the malware under different app names.
Rousku went ahead with the download, but quickly ran into a welcome obstacle:
– The Android phone I was using did not agree to install this Voicemail app as such, but the Chrome browser I was using warned me about the dangerous app. I was required to knowingly ignore the warnings. After that, I also had to give the app more rights to catch up on the phone’s messaging traffic, Rousku says.
Once the malware had been downloaded to the phone, it disappeared.
– The malware was barely visible, but all text messages on the phone disappeared. If you tried to send text messages to the phone, they were not displayed. However, the phone could be called. In the past, the malware has been able to partially block incoming calls to prevent the user from being alerted to active malware on the device. I couldn’t confirm this now, Rousku says.
Spreading fast
The malware's working principle is pretty clear. It tries to spread itself to as many new devices as possible. In addition, the application spies on personal information.
– The malware can read all SMS messages as well as instant message notifications, which makes it possible to break into the user's various services and data, for example for a criminal's financial gain.
Rousku states that the application could have gone unnoticed for some time, but the security application on his phone detected the malware and reported it. Rousku thinks a user would notice the malware, for example, from messages going missing or no longer arriving on the phone. Conversations have shifted to instant messaging services, so the absence of text messages may not be noticed quickly either.
Rousku states that activating the malicious application on his phone required quite a lot of skill and work, so it was not very easy, because of the warnings. However, Rousku notes that there may be differences between different Android platforms.
Rousku’s infected phone had only one contact, and at least no scam message was sent to this number immediately, even though the malware got hold of the number.
It is difficult to get rid of Flubot malware other than by restoring the factory settings. Rousku says he reset the phone to factory settings, which removed the malware. He also changed the password for the Google Account on his phone.
– If other services had been used on the phone, I would have changed their passwords as well, Rousku says.
Rousku also gave his advice on how to avoid malware:
– On Android devices, apps may not be installed from anywhere other than the Google Play app store. A separate anti-malware program may be useful, including for protecting network traffic.