FluBot is making news again by targeting New Zealanders by sending text messages on Android phones. The malicious app laden with malware infect a phone if the user clicks on a link to download the app.

What happened?

Recently, New Zealand CERT NZ has released a warning regarding the same.
  • The spam SMS messages are used to redirect targets to malicious installation pages. These pages are supposed to be pending/missing parcel deliveries or stolen photos uploaded online.
  • After the successful infection, FluBot operators use the malware to steal payment information, text messages, contacts, and banking credentials from compromised devices.

How does the campaign work?

  • Malicious texts are being sent to phone users that contain a link to a lure page that attempts to create a sense of urgency. The lure page urges victims to download a tracking application to get the details about their parcel.
  • In another variation of the campaign, users are redirected to a page showing a message that the users’ device is infected with the FluBot malware. Subsequently, it urges victims to download the anti-FluBot app.
  • In case of an alert from devices against third-party app installation, the potential victims are urged to enable the installation of such apps.

Recent news snippets

  • In March, the Catalan police arrested four suspects believed to be spreading FluBot. 
  • A few months ago, a Swiss security firm (PRODAFT) claimed that the botnet was controlling around 60,000 devices that collected the phone numbers belonging to 25% of citizens of Spain.


FluBot is still active and coming up with new ways of targeting Android users to steal information. Now, it is using spam SMS messages to fool users into installing malware-laden apps. Thus, users should always be wary of suspicious text messages and use the official app store.

Cyware Publisher