SMS scams have become one of the biggest headaches for users. Especially in Spain. For months, the National Cybersecurity Institute (Incibe) and several companies have been warning about a malicious campaign in which cybercriminals impersonate messaging companies through text messages, such as FedEx The Post, with the aim of tricking users into downloading a Trojan-type virus known as Flubot, which is intended to steal personal information, specifically bank passwords, from the attacked device.
Recently the Swiss cybersecurity company Prodaft has pointed out that 97% of the victims of this cyber scam are residents of our country. According to their data, the cybercriminals behind have already managed to infect 60,000 Android devices and steal the phone numbers of 11 million Internet users. That is, they have the number of approximately one in four Spaniards. “We estimate that this virus is capable of collecting all telephone numbers in Spain in a period of six months if no action is taken,” he explains. Prodaft in your research.
The company points out that the group of cybercriminals behind this campaign has managed to steal that huge number of numbers thanks to the sophistication of the virus. In addition to stealing bank keys, it allows the operator collect the victim’s address book on your command and control server. This implies that, if he manages to ‘hack’ a ‘smartphone’, he takes all the victim’s numbers.
Several cybersecurity companies, such as ESET, have been warning in Spain for more than a month about the danger of this campaign. According to them, it is specifically designed to attack users with mobiles with an Android operating system. It all starts with an SMS in which cybercriminals, impersonating Correos, FedEx or DHL or another company, claim that the user is waiting for a package and share a link for you to follow up. If you ‘click’ on it, the criminals redirect you to a scam page where it is explained that, to locate the package, you must download an application.
The problem is that this ‘app’, which cannot be downloaded from the Google Play Store, the official Android store, is it really the banking trojan. If it is installed and run, it will infect the ‘smartphone’, access the Internet banking passwords and intercept the double-factor authentication messages sent by banks to confirm money transfers. Therefore, criminals will be able to empty the victim’s accounts without her being aware.
“It is a very well orchestrated campaign and it is aimed specifically at Spain, although it is already reaching other places, such as Poland. Banking Trojans in our country work very well ”, Josep Albors, ESET’s head of research and awareness, recently explained to ABC about this campaign. The expert pointed out that in Spain many people “are still not aware that these threats exist”, which is why they become a major target for the cybercriminal groups that use them.