What is SMS Phishing (smishing) and how does FluBot get access to your Android?
What is SMS Phishing
Phishing is a type of social engineering in which an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker. Smishing, or SMS phishing, works the same way: the attacker sends a fraudulent text message that tries to make the victim reveal information or install a malicious application.
How SMS Phishing Works
This is how smishing works.
How FluBot Works
FluBot is a banking trojan. The malicious application displays a bank's login screen that is in fact a phishing login template. When users log in through that template, FluBot captures their credentials, and it also intercepts or sends SMS messages to obtain OTPs.
New features in recent FluBot versions
FluBot's DGA now uses 30 top-level domains instead of the three used previously, and it also features a command that lets attackers change the DGA seed remotely.
Now the question is: what is a DGA and how does it work?
DGA stands for domain generation algorithm. A Domain Generation Algorithm (DGA) is a program or subroutine that provides malware with new domains on demand, or on the fly.
Traditionally, malware connected to its C2 server through a fixed domain or IP address, so blocking that one domain or IP was enough to stop the malware from transmitting data. Constantly changing the domain of the C&C (C2) server is also sometimes called Domain Fluxing or Fast Fluxing, although that term actually refers to an older technique based on abusing the DNS load-balancing system. A DGA addresses this weakness with a big change:
The DGA generates domains that are predictable to both sides of the communication chain (the malware and its operator).
The DGA has to be as unpredictable to security researchers as possible.
The domain registration fee has to be low, which makes it cheaper to purchase more domains.
Domain fluxing needs to happen at enormous speed.
The domain registration process has to be anonymous, or at least untraceable.
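To make the two-sided predictability concrete, here is a toy seeded DGA of my own (an added example, not FluBot's real algorithm or TLD list) together with the defender-side use of it: once a seed is recovered from a sample, every domain it will try over a window can be pre-computed and blocked or sinkholed. The same code shows why the remote seed-update command described above matters: changing the seed invalidates the whole pre-computed blocklist. The seed, dates and TLD pool are constructed values.

```python
import hashlib
from datetime import date, timedelta

# Constructed TLD pool standing in for the multi-TLD idea; not FluBot's list.
TLDS = ["com", "net", "org", "info", "biz", "ru", "cn", "top", "xyz", "online"]


def generate_domains(seed: int, day_iso: str, count: int = 5) -> list:
    """Toy DGA: derive `count` candidate domains for one day (YYYY-MM-DD).
    Deterministic in (seed, day), so malware and operator agree on the list,
    while the list looks random to anyone who does not know the seed."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}:{day_iso}:{i}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])  # 12 letters
        tld = TLDS[digest[12] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def precompute_blocklist(seed: int, start_iso: str, days: int, count: int = 5) -> set:
    """Defender side: with a recovered seed, enumerate every domain the sample
    will try during the window so they can be blocked or sinkholed in advance."""
    start = date.fromisoformat(start_iso)
    block = set()
    for d in range(days):
        day_iso = (start + timedelta(days=d)).isoformat()
        block.update(generate_domains(seed, day_iso, count))
    return block


def coverage(blocklist: set, seed: int, day_iso: str, count: int = 5) -> float:
    """Fraction of the domains a sample with `seed` tries on `day_iso`
    that the blocklist already contains (1.0 = fully covered)."""
    todays = generate_domains(seed, day_iso, count)
    return sum(dom in blocklist for dom in todays) / len(todays)


if __name__ == "__main__":
    known_seed = 1337  # constructed value, pretend it was recovered from a sample
    bl = precompute_blocklist(known_seed, "2022-01-01", days=7)
    print(f"pre-computed {len(bl)} domains for one week")
    print("coverage with known seed:", coverage(bl, known_seed, "2022-01-04"))
    # A remote seed change (the new command) makes the blocklist useless:
    print("coverage after seed change:", coverage(bl, known_seed + 1, "2022-01-04"))
```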
FluBot connects directly to the C2 (command and control) server over HTTPS on port 443.
The new version of FluBot also adds some commands, such as:
Update DNS resolvers
Update the DGA seed remotely
Send longer SMS messages using multi-part division functions
The latest version of FluBot retains the capability to:
Open URLs on demand
Get the victim’s contact list
Uninstall existing apps
Disable Android Battery Optimization
Abuse Android Accessibility Service for screen grabbing and keylogging
Perform calls on demand
Disable Play Protect
Intercept and hide new SMS messages for stealing OTPs
Upload SMS with victim information to C2
Summary
This malware behaves like a real flu: it infects your device, gathers your contacts, sends them the same malware via smishing, and so the infection keeps spreading. So be careful with unknown links, and stay away from downloading software from unknown sources.