Police in 11 countries have taken down a mobile phone scam “FluBot” that was spread around the world through fake text messages.
Dutch cybercops led an operation in May targeting the malware, which infected Android phones using texts which pretend to be from a parcel firm or which say a person has a voicemail waiting.
Hackers would then steal bank details from infected phones, which automatically sent messages to other mobiles in the user’s contact list, passing on the scam like a flu virus, according to Dutch and EU police statement issued today.
“To date, we have disconnected 10,000 victims from the FluBot network and prevented over 6.5 million spam text messages,” Dutch police said.
The EU’s police agency Europol said FluBot was among “the fastest-spreading mobile malware to date” and was “able to spread like wildfire due to its ability to access an infected smartphone’s contacts.” Police had made the malware “inactive” but are still hunting the culprits, it said.
“This FluBot infrastructure is now under the control of law enforcement, putting a stop to the destructive spiral,” Europol said.
The countries involved in carrying out the investigation were Australia, the United States, Belgium, Finland, Hungary, Ireland, Romania, Spain, Sweden, Switzerland, and the Netherlands, coordinated by Europol’s cybercrime centre.
FluBot became one of the world’s most notorious cyberscams after it first emerged in December 2020, “wreaking havoc” around the world, Europol said.
The agency said the bug had compromised a “huge number of devices worldwide”, especially in Europe and the United States, with “major incidents” in Spain and Finland. Australian media said last year that FluBot was spreading “like a tsunami” with some users being bombarded by texts.