While we humans are still struggling with our own 21st century pandemic, Android devices have apparently had their own strain of flu in recent weeks: “FluBot” (aka “FakeChat”, aka “Cabassous”). This new Android malware started to spread in Europe. Once installed, it tries to steal login information like passwords, but also personal details and banking information. As a banking Trojan, it is ultimately trying to break into your bank accounts to steal your money. In parallel, it tries to spread to other victims via SMS sent from infected devices.

What’s interesting about FluBot is that just two clicks are enough to get your device infected. The first click opens a malicious web link, a bad email, a fake text message or a nasty WhatsApp notification pretending to come from a Telecom provider (with which you have no subscription), a package delivery service (when you’re not expecting a parcel), the local tax authorities, etc. And the second, disguised as a notification that you need to install an essential app (“Delivery manager”, “Your Telco invoices”, “Tax submission portal”) linked to that message, compromises your device. As with our famous clicking campaign (see our Bulletin article “The truth lies in the URL”), two clicks are enough to compromise your device, lose your personal data and, if the worst comes to the worst, have your banking details and money stolen!!!

Contrary to iOS devices, the underlying problem with Android devices is that AndroidOS allows you to install apps from any source, not only the central Google Play Store. Apple tightly restricts, controls and dictates which apps are permitted to propagate to iOS end-devices, whereas Google does not. Its policy is much more liberal, which leads to the problem of (malicious) app installation from (malicious) third parties. While there might be many other pros and cons, curation and centralisation come with security benefits…

So, once more, in order to protect yourself, your assets, your private and, consequently, also your professional life: STOP – THINK – DON’T CLICK! Be vigilant and suspicious. Watch out for dubious messages. Did you expect that message? Is it reasonable? Check the URL behind a link-to-be-clicked. Does it look fine, with a domain name (“cern.ch”, for example) related to the message? If in any doubt, just hold on. Either ignore or delete that message, or check with us at Computer.Security@cern.ch.

Of course, although Android devices are the focus here, “STOP – THINK – DON’T CLICK!” should be your general mantra when dealing with unexpected messages and weblinks. Protect your Windows, Linux and Apple devices! Protect your digital assets! Protect your digital life (“What do apartments and computers have in common”)!!!

______

Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report. For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.