Incoming package SMS is dangerous: it contains Russian floppot virus

A The most dangerous SMS. Very dangerous, it deserves a certain alarm CERT-AgID, The Computer Emergency Response Team Company for Digital Italy for the presidency of the Council of Ministers. Text messaging is, in fact, vulnerable and is known as the Android smartphone virus Flobot.

It is a malware that has already been identified many times in the past in Spain, Germany and Hungary, and now Specific version for Italy This includes various strategies to avoid any attempt to remove the user, except to keep the text of the message in Italian. This malware does not work on smartphones with Uzbek, English (UK), Turkish, Tajik, Russian, Romanian, Kyrgyz, Kazakh, Georgian, Armenian, Belarusian or Azerbaijani languages ​​and suggests that it should be a primary language instead Virus made in Russia: Exclusion of countries of the former Soviet Union is common to malware created in that country.

How To Authenticate SMS With Flobot Virus

SMS identified by CERT-AgID is one of many in this regard Export (Here we saw the others): In the text, we are talking about a package that is destined for us, with a link to follow the tracking, but it really starts the epidemic. Among the many variations of this message, read “Your package is waiting“,“Your package is on its way“,“The package is waiting [numero di telefono] Check and confirm the details“, Or”Tomorrow we will deliver your package“.

The text changes, but the subject is always the same: the message ends with a Link The user is sent to click. However, Floboot operates at its full potential: a Fake DHL Courier Page The download and installation of a dummy DHL application will start automatically.

Application during installation “Access permissions“To the user. These are the highest benefits, which are only available for reading or listening aids for the disabled. If the user offers them for a fake DHL application, The virus can do whatever it wants On the affected Android device.

Why Flobot is Dangerous

It emerges from the analysis of CERT-AgID Flobot A type of malware “infostealer“, That is, those who steal our sensitive information. The technique is very advanced: the virus exaggerates every time a user visits a site that requires registration and login (he has already registered) Dummy login screen Asks him to re-enter more data.

If the user does, then The data is sent to the server Virus control. The Most Attractive Sites For Flobot Controllers And All Other InfostellersHome Bank: If the device is infected, the user risks accessing his bank account to hackers.

There is a specialty to remove the blob Tool, Developed by a security researcher Linux, But the version of Flopot in circulation in Italy is better than others: it not only manages to block the tool, but also contains a string of code that makes fun of the researcher.

Linux has developed an update for this tool, but it looks like “Police and thieves“They are destined to chase each other for a long time to come.