Researchers from the Bitdefender Mobile Threats team said they have intercepted more than 100,000 malicious SMS messages attempting to distribute Flubot malware since the beginning of December.
“Findings indicate attackers are modifying their subject lines and using older yet proven scams to entice users to click,” the Romanian cybersecurity firm detailed in a report published Wednesday. “Additionally, attackers are rapidly changing the countries they are targeting in this campaign.”
The new wave of attacks is said to have been most active in Australia, Germany, Poland, Spain, Austria, and Italy, among others, with attacks spreading to newer countries like Romania, the Netherlands, and Thailand starting mid-January.
FluBot (aka Cabassous) campaigns use smishing as the primary delivery method to target potential victims, wherein users receive an SMS message with the question “Is this you in this video?” and are tricked into clicking a link that installs the malware.
“This new vector for banking trojans shows that attackers are looking to expand past the regular malicious SMS messages,” the researchers said.
TeaBot masquerades as QR Code Scanner Apps
It’s not just FluBot. Another Android trojan called TeaBot (aka Anatsa) has been observed lurking on the Google Play Store in the form of an app named “QR Code Reader – Scanner App,” attracting no fewer than 100,000 downloads while delivering 17 different variants of the malware between December 6, 2021, and January 17, 2022.