Android malware FluBot had its infrastructure taken down following an international law enforcement operation that included authorities from the U.S. and 10 other countries, The Hacker News reports.
According to a statement from Europol, threat actors have been distributing FluBot, also known as Cabassous, through SMS-based phishing messages aimed at exfiltrating online banking information, passwords, and other sensitive data. Further infection is facilitated by sending the malware to the contacts of the infected device, said Europol, which noted that the operation was spearheaded by the Dutch Police.
Prior to its takedown, FluBot was reported by ThreatFabric to be the second-most active banking trojan during the first five months of 2022.
The dismantling of FluBot is a "great win considering FluBot threat actors have or had one of the most resilient strategies when it comes to distribution and hosting of their backends with DNS-tunneling through public DNS-over-HTTPS services. This backend resilience in C2 hosting and fronting is what makes the efforts of the Dutch digital crime unit very impressive," said ThreatFabric founder and CEO Han Sahin.