Dutch Android Users Targeted By Malicious Text Messages


Dutch Android users are the target of rogue text messages that link to the malware. Previously, users in Belgium, Germany and the United Kingdom were already attacked in the same way. The messages seem to come from DHL, DHL Express and UPS and state that the recipient can track a package by installing the linked app. In reality, it concerns the FluBot and Anatsa malware.


FluBot is a banking Trojan that, among other things, tries to steal data in order to commit bank fraud. Once installed by the user, FluBot can intercept and send SMS messages, read the address book, call phone numbers and disable Google Play Protect. Its main purpose, however, is phishing. The malware checks which applications are installed on the device.


In the case of banking applications, the FluBot will download a separate phishing page for this. As soon as the victim starts the legitimate banking app, FluBot places the phishing page on it. Login details that users then enter on the phishing page are sent to the attacker. In addition, the malware can display phishing pages for credit card information. The Anatsa was also developed to steal credit card information and commit bank fraud.


"When you install the app, the scammer can send fake text messages on behalf of your number to random people in large numbers with the malicious link. The app can also incur call charges and other charges from your device that you see on the phone bill." warns the Fraud Help Desk . The organization advises victims who are infected to contact the provider and telephone provider as soon as possible to prevent further damage.


"This Android malware aims to empty your bank account or steal your credit card details," writes Huub Roem , forensic IT expert at ING, on LinkedIn. "When you receive such an SMS, you know 2 things: 1. The sender of the received SMS has an Android smartphone and is also infected with a fake DHL app. 2. An Android smartphone of one or more of your relations has your telephone number. in his / her address book and also has the fake DHP app installed. "



Security company ThreatFabric informs Hackers-review.net that it sees infections in the Netherlands increasing by thousands. A screenshot that the company shared with Security.NL shows that the Anatsa malware can attack all kinds of Dutch banking apps. KPN recently announced that victims of FluBot could be faced with a higher telephone bill due to the malicious text messages sent by the malware. In case of Anatsa or FluBot infected Android device, users are recommended to perform a factory reset.

Previous Post Next Post