SYMBOLCOMMON_NAMEaka. SYNONYMS
apk.flubot (Back to overview)

FluBot

aka: Cabassous, FakeChat

PRODAFT describes FluBot as a banking malware, originally targeting Spain and potentially German-, Polish-, and English-speaking users. It uses a DGA for it's C&C. In 2021 it has been used all around Europe.

References
2021-06-01BitdefenderAlin Mihai Barbatei, Oana Asoltanei, Silviu Stahie
@online{barbatei:20210601:threat:83b0dfc, author = {Alin Mihai Barbatei and Oana Asoltanei and Silviu Stahie}, title = {{Threat Actors Use Mockups of Popular Apps to Spread Teabot and Flubot Malware on Android}}, date = {2021-06-01}, organization = {Bitdefender}, url = {https://labs.bitdefender.com/2021/06/threat-actors-use-mockups-of-popular-apps-to-spread-teabot-and-flubot-malware-on-android/}, language = {English}, urldate = {2021-06-09} } Threat Actors Use Mockups of Popular Apps to Spread Teabot and Flubot Malware on Android
Anatsa FluBot
2021-05-31Twitter (@alberto__segura)Alberto Segura
@online{segura:20210531:flubot:8657f6d, author = {Alberto Segura}, title = {{Tweet on Flubot version 4.4}}, date = {2021-05-31}, organization = {Twitter (@alberto__segura)}, url = {https://twitter.com/alberto__segura/status/1399249798063087621?s=20}, language = {English}, urldate = {2021-06-09} } Tweet on Flubot version 4.4
FluBot
2021-05-14NortonLifeLockArmin Buescher, Gokulakrishnan S
@online{buescher:20210514:how:23df023, author = {Armin Buescher and Gokulakrishnan S}, title = {{How Flubot targets Android phone users and their money}}, date = {2021-05-14}, organization = {NortonLifeLock}, url = {https://www.nortonlifelock.com/blogs/research-group/flubot-targets-android-phone-users}, language = {English}, urldate = {2021-05-19} } How Flubot targets Android phone users and their money
FluBot
2021-05-05zimperiumJon Paterson
@online{paterson:20210505:flubot:c917ba6, author = {Jon Paterson}, title = {{Flubot vs. Zimperium}}, date = {2021-05-05}, organization = {zimperium}, url = {https://blog.zimperium.com/flubot-vs-zimperium/}, language = {English}, urldate = {2021-05-08} } Flubot vs. Zimperium
FluBot
2021-04-29IBMBen Wagner
@online{wagner:20210429:story:79bd16a, author = {Ben Wagner}, title = {{The Story of FakeChat}}, date = {2021-04-29}, organization = {IBM}, url = {https://securityintelligence.com/posts/story-of-fakechat-malware/}, language = {English}, urldate = {2021-05-03} } The Story of FakeChat
FluBot
2021-04-27ProofpointCrista Giering, fnaves, Andrew Conway, Adam McNeil
@online{giering:20210427:flubot:3b61899, author = {Crista Giering and fnaves and Andrew Conway and Adam McNeil}, title = {{FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon}}, date = {2021-04-27}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon}, language = {English}, urldate = {2021-05-04} } FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon
FluBot
2021-04-21Twitter (@alberto__segura)Alberto Segura
@online{segura:20210421:flubot:2b590e4, author = {Alberto Segura}, title = {{Tweet on FluBot Version 4.0}}, date = {2021-04-21}, organization = {Twitter (@alberto__segura)}, url = {https://twitter.com/alberto__segura/status/1384840011892285440}, language = {English}, urldate = {2021-04-28} } Tweet on FluBot Version 4.0
FluBot
2021-04-19nvisoJeroen Beckers
@online{beckers:20210419:how:60ec572, author = {Jeroen Beckers}, title = {{How to analyze mobile malware: a Cabassous/FluBot Case study}}, date = {2021-04-19}, organization = {nviso}, url = {https://blog.nviso.eu/2021/04/19/how-to-analyze-mobile-malware-a-cabassous-flubot-case-study/}, language = {English}, urldate = {2021-04-28} } How to analyze mobile malware: a Cabassous/FluBot Case study
FluBot
2021-03-29Medium (Cryptax)Axelle Apvrille
@online{apvrille:20210329:androidflubot:01484cd, author = {Axelle Apvrille}, title = {{Android/Flubot: preparing for a new campaign?}}, date = {2021-03-29}, organization = {Medium (Cryptax)}, url = {https://cryptax.medium.com/android-flubot-preparing-for-a-new-campaign-2f7563fc6c06}, language = {English}, urldate = {2021-03-31} } Android/Flubot: preparing for a new campaign?
FluBot
2021-03-16Medium CSIS TechblogAleksejs Kuprins
@online{kuprins:20210316:brief:895027b, author = {Aleksejs Kuprins}, title = {{The Brief Glory of Cabassous/FluBot — a private Android banking botnet}}, date = {2021-03-16}, organization = {Medium CSIS Techblog}, url = {https://medium.com/csis-techblog/the-brief-glory-of-cabassous-flubot-a-private-android-banking-botnet-bc2ed7917027}, language = {English}, urldate = {2021-03-24} } The Brief Glory of Cabassous/FluBot — a private Android banking botnet
FluBot
2021-03-08PRODAFT Threat IntelligenceAhmet Bilal Can
@techreport{can:20210308:flubot:c691c53, author = {Ahmet Bilal Can}, title = {{FluBot - Malware Analysis Report}}, date = {2021-03-08}, institution = {PRODAFT Threat Intelligence}, url = {https://raw.githubusercontent.com/prodaft/malware-ioc/master/FluBot/FluBot.pdf}, language = {English}, urldate = {2021-03-22} } FluBot - Malware Analysis Report
FluBot
2021-03-05Medium walmartglobaltechJason Reaves
@online{reaves:20210305:look:71fca27, author = {Jason Reaves}, title = {{A look at an Android bot from unpacking to DGA}}, date = {2021-03-05}, organization = {Medium walmartglobaltech}, url = {https://medium.com/walmartglobaltech/a-look-at-an-android-bot-from-unpacking-to-dga-e331554f9fb9}, language = {English}, urldate = {2021-03-11} } A look at an Android bot from unpacking to DGA
FluBot

There is no Yara-Signature yet.