It can infiltrate both Android and iOS devices
A bogus SMS text claiming to be package delivery notification is actually mobile malware spread by hackers seeking to distribute malicious apps laced with the banking trojan FluBot (aka Cabassous).
Once the malware is downloaded, the app can intercept SMS messages, steal contact information, and display screen overlays to trick users into handing over their credentials.
Schless said: “And what’s unique about the campaign is that it has different kill chains depending on whether the target uses an iOS or Android device. For Android and some iOS victims, they are directed to a website that prompts them to download an app.
“For other iOS targets, they are shown fake online banking pages to trick them into giving up their credentials.What makes FluBot more sophisticated than other MaaS is its use of a domain generated algorithm (DGA). This algorithm creates slightly different variations of a given domain name – a technique known as domain fluxing – to hide its command-and-control server IP address among a long list of benign domains.
“As we’ve seen with BancaMarStealer, MaaS trojans are frequently reused. Since FluBot is even stealthier than BancaMarSteeler, it is very likely that we will see similar growth in FluBot variants”.