FluBot is a banking trojan, and it appeared in a fake Flash Player app for Android
For those of you who don’t know, FluBot is a banking trojan. Its goal is to steal your banking credentials by sending you to login forms for various banks all over the world. FluBot has appeared in a fake Flash Player app, but it also poses as fake security updates, voicemail memos, and parcel delivery notices. So, you really need to be careful. If your device gets infected by FluBot, as in if you install the app and give it necessary permissions, it can steal online banking credentials, send and intercept SMS messages, and even capture screenshots, reports Bleeping Computer. Now, some of you are probably interested in whether this fake Flash Player is available via the Play Store. The answer to that question is no, it’s not. It’s actually shared via a link, in form of an SMS message, at least in an example provided by the source. Users receive an SMS containing a link that leads them to a page to download a fake Flash Player APK. That ends up installing FluBot malware on devices. If you’re at all careful in using your phone, you’d never do this.
You should avoid sketchy links, and never download APKs from unknown sources
First and foremost, such links are sketchy from the get go. Second of all, non-tech-savvy people should never download third-party APKs and install them on devices. The bottom line is, you should stick to official channels when installing APKs. FluBot, unfortunately, evolved. In its latest version, it connects to the C2 through DNS tunneling over HTTPS, while it used a direct HTTPS port 443 before. You can get more information about the changes in the latest version by clicking here. How to stay safe from this malware? Easy, don’t open suspicious links that you receive, especially those via SMS messages and emails. If you end up doing that, don’t download anything from those links, let alone APKs.