Android malware that steals passwords is spreading fast

Google recently boasted about the success of its efforts to protect Google Play Store and Android devices last year mostly using advanced machine learning technology. That, however, doesn't cover apps acquired outside of the Play Store and the phones that install those. Sometimes, Android's own open nature sometimes works against it because of that, like the case of this FluBot malware that's spreading rapidly like a real virus, spreading to people in your phone's address book to steal their passwords.

The way the malware works isn't exactly that sophisticated and relies on good old-fashioned social engineering. Victims receive a text message claiming to be from a popular courier service, like DHL or Amazon. The message includes a link that it recommends people tap on to track their package.

As most would have probably guessed, that link opens up a web page that instead downloads an Android APK and asks users to install it. By default, Android doesn't allow installing from unverified, third-party sources but the site is kind enough to provide instructions on how to change that. Once a phone has been infected, it reportedly steals passwords, online bank details, and other sensitive information stored on the phone.

Like the flu, this FluBot malware also looks into your phone's address book to send the same phishing message to people there, which is how it is spreading quickly to Android phones. Given how locked down iPhones are, owners of Apple's iOS devices are immune to this trick but the UK's National Cyber Security Centre (NCSC) still recommends that iPhone users should play it safe and don't open those links anyway.

The report does raise the question of how passwords and login credentials, which are often encrypted or protected on Android and most browsers, can get so easily stolen, though that isn't exactly unheard of. Unfortunately, there is no fix for those already infected other than to factory reset their phone. It might not be so bad for those with backups but users should be careful when restoring backups made after getting infected by the FluBot.