How do I track the bulk SMS sender
"Your package arrives": Links in fake tracking SMS lead to banking Trojans
The security software company ESET is currently warning of an SMS spam campaign aimed, among other things, at Android users in Germany. At first glance, the messages are shipment notifications for packages, typically with the words: "Your package is arriving, track it here". However, users should not click on the link included: According to ESET, it leads to phishing websites where a banking Trojan is lurking.
According to ESET, the SMS messages with the malicious code have been landing on smartphones in Germany since at least March 15, i.e. since the beginning of last week. The sender numbers vary, as do the URLs in the messages, but what they have in common, at least in the examples available to the editorial staff, is that they have nothing to do with parcel services. One example (slightly obfuscated to be on the safe side) is h **** // a4hdepa ** age.cm / id /? 9qk2 *** e2b *.
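The observation above, that the lure text mentions a parcel while the link points somewhere unrelated to any parcel service, can be turned into a simple triage heuristic for reported messages. The following is an added example, not code from ESET or heise; the carrier domain list, the lure keywords and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: official domains of the brands the article names, chosen for this example.
CARRIER_DOMAINS = {"fedex.com", "dhl.de", "dhl.com", "correos.es"}
# Assumption: lure keywords modelled on the message text quoted in the article.
LURE = re.compile(r"\b(package|parcel|shipment|paket|sendung|paquete)\b", re.I)
# A URL with scheme, or a bare host.tld/path token as often seen in SMS.
URL = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?#]\S*)?", re.I)

def link_hosts(text):
    """Return the lower-cased hostname of every link-like token in an SMS body."""
    hosts = []
    for m in URL.finditer(text):
        token = m.group(0)
        if "://" not in token:
            token = "http://" + token  # urlsplit needs a scheme to find the host
        host = urlsplit(token).hostname
        if host:
            hosts.append(host.rstrip("."))
    return hosts

def is_carrier_host(host):
    """True only for a carrier domain itself or a genuine subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in CARRIER_DOMAINS)

def triage(text):
    """Classify one SMS as 'suspicious', 'carrier-link' or 'no-match'."""
    hosts = link_hosts(text)
    if not LURE.search(text) or not hosts:
        return "no-match"
    if all(is_carrier_host(h) for h in hosts):
        return "carrier-link"
    return "suspicious"

# Constructed sample messages; the example.* hosts are placeholders, not indicators.
SAMPLES = [
    "Your package is arriving, track it here: http://tracking.example.net/id/?abc123",
    "Your package is arriving, track it here: https://dhl.de.example.org/t?x=1",
    "Your parcel is on its way: https://www.dhl.de/en/tracking",
    "Lunch at 12? See menu at cafe.example.com",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage(sms), "|", sms)
```

The second sample shows why the host is compared by suffix on a dot boundary: a carrier name used as a leading label of an unrelated domain is still flagged. A "carrier-link" result only means the link host matched the list, not that the message is genuine.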
Malware disguises itself as a parcel tracking app
As explained in ESET's blog entry on the spam campaign, the links lead to a website designed to resemble that of the logistics company FedEx; there are also variants with logos from DHL and the Spanish company Correos. There, the user is asked to install an alleged tracking app. According to ESET, this app is in fact the Android-specific banking Trojan FluBot.
ESET employee Lukas Stefanko demonstrated the entire process, from opening a malicious link to installing a complete FluBot, in a video on Twitter. According to the video, several user interactions in the form of granting permissions are necessary before the Trojan can fully establish itself on the system. According to ESET, these include "viewing notifications, reading and writing SMS messages, accessing the contact list and making calls".
Sending SMS to copied contact details
FluBot targets data from the apps of banks and cryptocurrency exchanges and can intercept one-time passwords for two-factor authentication (2FA) sent by SMS. Overlay attacks, in which the Trojan imitates and replaces the user interfaces of (banking) apps, are also possible. According to ESET, the Trojan reads phone numbers from its victims' contact lists in order to spread itself. According to analyses, "over 11 million telephone numbers have been stolen, mainly in Spain" since March 5th. There have already been arrests "in connection with the case"; however, the spread of the malware has continued so far.
Since an infection with FluBot requires that those affected actively install the alleged banking app, ignoring (or deleting) suspicious SMS offers effective protection against the malicious code.
(ovw)