White Hat Institute

Flash Player has been discontinued for almost a year, so what exactly are you updating?

[Image: Flash Player FluBot. Retrieved from techcrunch.com]

If you were astonished to receive a notification for a Flash Player update on your phone, assuming it had died years ago, you were completely right. It did die, and the “update” that has been circulating online is a scam that tricks unsuspecting users into installing malware on their devices.

MalwareHunterTeam’s security researchers discovered an SMS phishing campaign aimed at Android users. The victim of that campaign would receive an SMS message stating that the video upload they had started could not be finished without a Flash Player update. The “update” can also be retrieved via a link in the same SMS message.

Instead of a genuine update, the victims would be infected with FluBot, an Android banking trojan that harvests user credentials by displaying overlays on top of the apps of numerous global banks.

In addition to stealing the users’ online identities, FluBot reads the device’s contact list and sends the identical message to as many people as possible. Flash Player has been declared dead and has not been available for download for nearly a year. FluBot, on the other hand, is updated on a frequent basis. According to the article, the most recent version was released “only a few days ago.”

The Domain Generation Algorithm (DGA) in this version (5.2) generates a large number of new Command and Control (C2) domains on the fly. This lets it get past various security measures, including DNS blocklists, because the domains change faster than a static list can be updated. The DGA in the latest version uses 30 top-level domains, compared to three in prior versions.

All Android devices have a simple security feature that prevents APKs from being installed from anywhere other than the Play Store. If you disable this option and want to install APKs from other places on the internet, be sure you’re downloading from reputable sources.
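Since a DGA rotates domains faster than a DNS blocklist can list them, defenders usually look for the lookup behaviour instead. The following is an added example, not code from the article or from any FluBot analysis: it compares a static blocklist with a behavioural check over a constructed resolver log. The log format, the reserved-TLD sample names and the thresholds are all assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log: "<epoch> <client> <qname> <rcode>". Names use reserved
# TLDs (.example/.test/.invalid) and are not real indicators.
SAMPLE_LOG = """\
1000 10.0.0.5 play.googleapis.com NOERROR
1001 10.0.0.7 xkqpwhzrbdmvtjy.example NXDOMAIN
1003 10.0.0.7 bnvtrqwpxkzdhmc.test NXDOMAIN
1004 10.0.0.5 gooogle-analytics.example NXDOMAIN
1006 10.0.0.7 qwjzkvbxpmhtdgr.invalid NXDOMAIN
1009 10.0.0.7 mzxkqhwvbtpdjrg.example NXDOMAIN
1012 10.0.0.7 hdkwqzpxvbmtjrc.test NOERROR
"""

def parse(log):
    for line in log.splitlines():
        if line.strip():
            ts, client, qname, rcode = line.split()
            yield int(ts), client, qname.lower().rstrip("."), rcode

def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def looks_generated(qname, min_len=12, min_entropy=3.3):
    # Score only the label left of the TLD; thresholds are assumed starting points.
    labels = qname.split(".")
    sld = labels[-2] if len(labels) >= 2 else ""
    return len(sld) >= min_len and shannon_entropy(sld) >= min_entropy

def blocklist_hits(log, blocklist):
    # What a static DNS blocklist catches: exact names already known.
    return sorted({q for _, _, q, _ in parse(log) if q in blocklist})

def dga_suspects(log, window=60, min_names=4, min_tlds=2):
    # Behavioural signal: one client, many failed lookups of random-looking
    # names spread over several TLDs inside a short window.
    hits = defaultdict(list)
    for ts, client, qname, rcode in parse(log):
        if rcode == "NXDOMAIN" and looks_generated(qname):
            hits[client].append((ts, qname))
    suspects = {}
    for client, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            names = {q for t, q in events[i:] if t - start <= window}
            tlds = {q.rsplit(".", 1)[-1] for q in names}
            if len(names) >= min_names and len(tlds) >= min_tlds:
                suspects[client] = sorted(names)
                break
    return suspects
```

On the sample log, a blocklist holding one previously seen name matches only that name, while the behavioural check flags client 10.0.0.7; the single mistyped lookup from 10.0.0.5 stays below the thresholds.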