Watch out for this fake Android security update — it's really malware

1. Dwelling
2. News
3. Security

Scout out for this faux Android security update — it'southward actually malware

(Image credit: Shutterstock)

The notorious FluBot Android banking Trojan has a new, grimly amusing play tricks up its sleeve: Information technology tries to fool you into downloading a false "security update" by warning you nearly ... FluBot itself.

"Your device is infected with the FluBot malware," reads a stark scarlet screen that yous'll come across if you click on a link in a text message. "Android has detected that your device has been infected."

• Your Apple Pay money can be stolen over the air — here's what to do
• The best Android antivirus apps
• Plus: Samsung Galaxy S22 vs. Phone 13: Tin Samsung beat Apple tree?

In fact, your device has NOT been infected yet. But it will be if you do what the bulletin suggests: "Y'all must install an Android security update to remove FluBot."

The actual warning nigh this fake alert came last week from New Zealand's Estimator Emergency Response Squad (CERT NZ), a government agency that alerts citizens and enterprises about cybersecurity threats. (Many countries have a CERT; the U.S. somehow has 2.)

If you are seeing this page, it does not mean yous are infected with Flubot however if you lot follow the false instructions from this page, it Volition infect your device. https://t.co/KrcPhCQB90September 30, 2021

See more than

When last nosotros checked in on FluBot, information technology lured you in with a text message telling you virtually a problem with a packet commitment. A link in the message you lot to a bogus page that said you had to download and fill out a class to go your package. Yous'd be infected yous with FluBot if you followed the instructions.

You may still get that packet-commitment notice, said CERT NZ, which led off with a tweet about the new variant and then followed upwards with a blog post. Or you might be texted a artificial alert that naughty photos of yous had been put online.

Sometimes y'all'll get an epitome of a friendly young woman holding a bundle with the traditional "awarding grade" to download and fill out. Sometimes you'll get the scary image below. (Nosotros appreciate the humor of putting a registered-trademark symbol adjacent to the name of the malware.)

(Image credit: CERT NZ/FluBot)

How to avoid beingness infected by FluBot

"The malicious app volition only infect your phone if [y'all] click the link AND download the app," CERT NZ's blog post said. "Receiving the text does not hateful you are infected. Apple phones tin can receive the message but cannot be infected."

That'southward very true. So are two statements in the bogus FluBot alert screen itself.

"FluBot is an Android spyware that aims to steal financial-login and password data from your device," information technology states. If you have trouble installing the fake "Android security update," then y'all demand to "select 'Settings' and enable the installation of unknown apps."

That's considering past default, Google-provisioned Android phones will install apps just from the official Google Play Store unless the user overrides those settings. That'southward what the fake warning/real FluBot wants yous to do. Don't do it.

Instead, brand sure the default app-loading settings are on. In Android viii or later, become to Settings > Apps > Special access > Install unknown apps, and then make sure that "Not allowed" is adjacent to each app proper name. If you come across an "Allowed", tap on the app and toggle off the switch.

In Android 7 or earlier, become to Settings > Security (or Lockscreen and Security), where you'll see an entry labeled "Unknown sources." Make sure it's toggled off.

You'll also want to be running one of the all-time Android antivirus apps. FluBot has been around for most of 2021, and then most antivirus apps volition recognize and block it right away.

FluBot first appeared in Kingdom of spain in early 2021, spread to other European countries and now is expanding worldwide.

If you get an SMS text message that a package is waiting for you — or especially if you get a text that seems to be about an expensive item, like an iPhone 13, that'south simply waiting to be picked upward — exist very very wary. Don't download random software from links that prove up in text letters, and definitely don't enable unknown sources or unknown apps.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has besides been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He'south been rooting around in the information-security space for more than than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a console give-and-take at the CEDIA home-technology conference. Yous can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/flubot-warning-fake-security-update

Posted by: wilsongroul1946.blogspot.com

Share this post