Europol shuts down FluBot malware operation alongside 11 countries
Jonathan Greig June 1, 2022

Europol shuts down FluBot malware operation alongside 11 countries

Europol shuts down FluBot malware operation alongside 11 countries

Europol announced on Wednesday that it coordinated with nearly a dozen countries to take down the operation behind the prolific Android malware FluBot. 

Since 2020, the FluBot malware strain has been accused of infecting at least 60,000 devices, with most victims located in Spain. Law enforcement agencies conducted several raids in Barcelona last year to bring down the group behind it, but the malware has continued to spread across Finland, Germany, the UK and Japan. 

On Wednesday, Europol said the infrastructure behind the malware was disrupted in May by the Dutch Police after law enforcement authorities of Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland and the U.S. worked to investigate the gang. 

Dutch Police explained on Wednesday that they disconnected 10,000 victims of the malware from the FluBot network during their raid.

Europol noted that it is still investigating the group to identify people behind the malware. 

The dangerous Android banking trojan can show fake login screens on top of legitimate apps to collect e-banking credentials and payment card details from device owners. 

Security firm ThreatFabric said last year that the malware was able to spread through SMS texts more than other banking trojans because of a “clever worm-like mechanism inside its code that allows the malware’s operator to collect the victim’s address book on their command-and-control server.”

The malware is generally installed through text messages that ask victims to click links or install apps related to package delivery or fake voicemails. 

“This strain of malware was able to spread like wildfire due to its ability to access an infected smartphone’s contacts. Messages containing links to the FluBot malware were then sent to these numbers, helping spread the malware ever further,” Europol explained. 

Researchers at PRODAFT previously said the access to a user’s contacts allowed the group to collect more than 11 million phone numbers in Spain, representing about 25% of the population. If no action was taken, they theorized that the group behind FluBot could collect all of the phone numbers in Spain within 6 months. 

“This FluBot infrastructure is now under the control of law enforcement, putting a stop to the destructive spiral,” Europol explained on Wednesday. 

“With cases spreading across Europe and Australia, international police cooperation was central in taking down the FluBot criminal infrastructure.”

The takedown was coordinated by Europol’s European Cybercrime Centre and brought together Australian Federal Police, Belgian Federal Police, the National Bureau of Investigation in Finalnd, Hungary’s National Bureau of Investigation, Ireland’s An Garda Síochána, Romanian Police, Swedish Police Authority, Switzerland’s Federal Office of Police, the Spanish National Police, the Dutch National Police and the U.S. Secret Service. 

Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.