The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates warning them of Flubot infections.

Potential victims are also instructed to enable the installation of unknown apps if they're warned that the malicious app cannot be installed on their device.

This banking malware (also known as Cabassous and Fedex Banker) has been active since late 2020, and has been used to steal banking credentials, payment information, text messages, and contacts from compromised devices.

Until now, Flubot spread to other Android phones by spamming text messages to contacts stolen from already infected devices and instructing the targets to install malware-ridden apps in the form of APKs.

Once deployed via SMS and phishing, the malware will try to trick the victims into giving additional permissions on the phone and grant access to the Android Accessibility service, which allows it to hide and execute malicious tasks in the background.

Source: bleepingcomputer.com