Ad End 1 August 2025
Ad Ends 13 July 2025
ad End 25 October 2025
Ad Ends 20 April 2025
Ad expire at 5 August 2024
banner Expire 9 June 2025
banner Expire 25 October 2025
banner Expire 10 May 2025
Menu
What's new
By:
Filters
Wizard's shop 2.0
Money Club cc shop
banner Expire 15 January 2025
banner Expire 20 October 2024
UniCvv
Yale Lodge
Kfc CLub
adv exp at 30 July 2025
Carding.pw carding forum
BidenCash Shop

Alleged operators of FluBot Android botnet arrested in Spain

File_closed07

File_closed07

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 13, 2020
Messages
7,907
Reaction score
943
Points
212
Awards
2
  • trusted user
  • Rich User
news554112.png



Arrests were made in Barcelona in connection with the distribution of the banking Trojan FluBot, which hit at least 60,000 Android devices, mainly in Spain. According to reports, botsmen not only emptied accounts with malware, but also laundered stolen money by buying goods for resale with them.

During the police raids, four young men aged 19 to 27 were detained. Two of them, the alleged leaders of the criminal group, were detained, the rest were released, obliged to appear in court every two weeks. During the searches, documents, laptops, cash and mobile phones in unopened packaging were seized - apparently bought with the money of the victims of the infection.

One arrested person, according to investigators, wrote the FluBot code (PDF) and created fake registration pages in online banking systems. Attackers have been spreading the Trojan since the end of last year through links in SMS messages that mimic email notifications or Google Chrome.

When installed, the overlay malware FluBot, aka Fedex Banker (PDF) and Cabassous, asks for permission to access Android's Accessibility Services so that its phishing pages are displayed over the windows of banking applications. The data collected with their help is sent by the bot to its server; he also knows how to intercept one-time codes sent to bank clients to confirm the rights to conduct transactions, and steal contacts from the address book of victims to further spread the infection.

So far, Spanish cybercops have detected 71,000 malicious SMS messages sent out as part of the FluBot campaign. Researchers from the Swiss information security company PRODAFT managed to gain access to the botnet's C2 server. It found data on 60 thousand infections and the phone numbers of 11 million users - 97% of them live in Spain (this is almost a quarter of the country's population).

The analysis showed that to find the C&C server, FluBot launches a DGA generator capable of generating 5,000 domain names per month. To protect C2 communications, the malware uses encryption, with Diffie-Hellman key exchange and the creation of an RSA signature to authenticate the secret key.

As of early January, FluBot's target list consisted of a number of banks doing business in Spain, but variables in Polish and German were found in its code. Currently, the botnet is still active, and the army of sites that download malicious APKs to users' smartphones continues to grow.
__________________
 
You must log in or register to reply here.
Ad End 1 February 2024
Top