Privacy Ninja

FluBot Android Malware Operation Shutdown by Law Enforcement

FluBot Android Malware Operation Shutdown by Law Enforcement

Europol has announced the takedown of the FluBot operation, one of the largest and fastest-growing Android malware operations in existence.

The malware operation’s takedown resulted from a law enforcement operation involving eleven countries following a complex technical investigation to pinpoint FluBot’s most critical infrastructure.

The participants in the operation were Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands, and the United States.

Also Read: Do Not Call Registry Penalty: Important Tips To Consider

“Known as FluBot, this Android malware has been spreading aggressively through SMS, stealing passwords, online banking details, and other sensitive information from infected smartphones across the world. Its infrastructure was successfully disrupted earlier in May by the Dutch Police (Politie), rendering this strain of malware inactive.” – Europol.

As the Dutch Police announced today, they have disconnected ten thousand victims from the FluBot network and prevented over 6.5 million spam SMS from reaching prospective victims.

In March 2021, the police in Spain arrested four suspects who were then considered key members of the FluBot operation, as the malware had primarily infected users in the region.

The hiatus in its distribution was momentary, though, as the malware rebounded to unprecedented levels targeting multiple other countries beyond Spain.

This time, however, Europol underlines that the FluBot infrastructure is under the control of law enforcement, so there can be no re-ignite.

At this time, no announcements about any arrests have been made, so we assume that the action was focused on disrupting the malware’s infrastructure at this stage.

FluBot’s rapid proliferation

FluBot is an Android malware that steals banking and cryptocurrency account credentials by overlaying phishing pages on top of the interface of the legitimate apps when the victims open them.

Additionally, it can access SMS content and monitor notifications, so two-factor authentication and OTP codes can be snatched on the fly.

Its rapid proliferation is thanks to the abuse of the contact list of infected devices to send SMS to all contacts through a person they trust.

The person whose device is abused for spamming doesn’t notice anything odd as everything happens in the background.

This way, by achieving only a handful of infections, FluBot quickly increased the number of victims in certain places around the globe and spread like wildfire there.

Also Read: Facts About Accountability PDF That You Need to Know About

FluBot's main operation scheme
FluBot’s main operation scheme (Europol)

As for the methods of distribution for “patient-zero,” these include laced apps on the Google Play Store, fake parcel delivery messagesFlash Player app updates, and many more.

If you think FluBot might have infected your device, Europol suggests you perform a factory reset that wipes all data in the partitions that can host malware.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.

Powered by WhatsApp Chat

× Chat with us