Europol’s European Cybercrime Center (EC3) has announced an international law enforcement operation involving 11 countries, which has resulted in the removal of so-called “flubot” spyware.
Technological breakthroughs are reported to have involved law enforcement authorities in Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands and the United States, and have followed an investigation coordinated by EC3.
“As the case spread across Europe and Australia, international police cooperation was focused on removing Flubut’s criminal infrastructure,” EC3 said.
Written in a blog PostEuropol says the task force’s actions were motivated by Android malware, which spreads aggressively through SMS, password theft, online banking details and other sensitive information from infected smartphones around the world.
Now, Europol has confirmed that Flubut’s infrastructure has been successfully placed under the control of law enforcement agencies, following a May operation by Dutch police, whose activities have deactivated the malware strain.
For context, Flubut was first seen in the wild in December 2020, but gained traction only in 2021, when it infected a significant number of devices around the world, especially in Finland and Spain.
Much like TangleBot, FluBot attaches itself to a device via text messages that tells Android users to click on a link and install an application (usually to track package delivery or listen to a fake voicemail message).
Once installed, the app will ask for accessibility permissions, which malicious actors used to steal banking app certificates and cryptocurrency account details, as well as disable built-in security features.
Interpol said the malware was particularly deadly because it accessed the contacts of an infected smartphone and multiplied automatically by forwarding them to the device.
EC3 further explains that since Flubut malware was disguised as an application, it can be difficult to detect.
“There are two ways to tell if an app might be malware: if you tap on an app, and it doesn’t open. [and] If you try to uninstall an app, an error message will be displayed instead. “
Although the Flubot infrastructure is now under the control of the Dutch police force, Europol recommends it to all Android users who believe they have mistakenly installed FluBot to reset their phone to factory settings.
