Europol Destroyed the FluBot Trojan Infrastructure

Europol announced that law enforcement officers, as a result of an international operation, destroyed one of the fastest-spreading malware – the FluBot Trojan.

Let me remind you that we also talked about the fact that Law enforcement officers closed the hacker resource RaidForums, and also that the US authorities arrest Kaseya hacker and attacker associated with REvil and GandCrab.

11 countries participated in the FluBot malware eradication operation.

Europol’s European Cybercrime Centre brought together the national investigators in the affected countries to establish a joint strategy, provided digital forensic support and facilitated the exchange of operational information needed to prepare for the final phase of the action. The J-CAT, hosted at Europol, also supported the investigation. A virtual command post was also set up by Europol on the day of the takedown to ensure seamless coordination between all the authorities involved.Europol experts said.

According to law enforcers, FluBot actively spread via text messages, stealing passwords, bank details and other confidential information from infected smartphones. The infrastructure supporting the Trojan was destroyed by the Dutch police in May, leaving the malware inactive, Europol reports.

FluBot was first seen in December 2020, when the malware swept the world in a wave, hacking into millions of devices. The Trojan’s hallmark was its method of distribution – harmless SMS messages. In them, the victim was asked to follow a link and install and install an application to track packages or listen to a fake voice message.

After installation, FluBot requested permission to access device data. Once they gained access, the hackers stole the credentials of the victims’ banking applications and cryptocurrency accounts, and then disabled the built-in security mechanisms.

Since the malware could access the contact list, it spreadsg like a natural disaster, sending messages with links to FluBot to all the victim’s contacts.

This strain of malware was able to spread like wildfire due to its ability to access an infected smartphone’s contacts. Messages containing links to the FluBot malware were then sent to these numbers, helping spread the malware ever further.Europol experts said.

According to Europol, experts are still looking for attackers who distributed FluBot around the world.

Recall that not so long ago a wave of FluBot infections took place in Finland. Within 24 hours, the malware managed to infect the devices of tens of thousands of victims.