SMS flubot: How telcos can protect end-users
What is SMS flubot?
SMS Flubots are a type of malware that emerged at the end of 2020, targeting Android users with fraudulent SMS links. They spread quickly and without the end user’s knowledge that their device is inflected until it’s too late- hence the namesake.
They aim to gain access to sensitive information such as passwords and banking information through apps on devices. It is easy for a flubot to go undetected as they are disguised as legitimate SMS traffic, making it hard for MNOs to gain the trust of their customers once they’ve been targeted.
How does flubot malware spread?
Users receive a business SMS from what appears to be a legitimate and trustworthy source. Fraudsters will send fake security checks that encourage users to change their password or update their information, giving them easy access to the user’s device.
Many times, hackers will present themselves as DHL or another delivery service, inviting them to install an app to track their order.
Now that the flubot has gained full access to the device, it can continue to spread to other devices by accessing contact lists and sending SMS messages from the infected phone without the device owner ever knowing a fraudulent message was sent.
Fulbot attacks happen suddenly and unexpectedly. TRAFICOM estimated that in just 24 hours, 70,000 flubot messages were sent to Finnish customers. MNOs won’t see them coming, and won’t have time to react to the malware attack once it has started.
Here is an example of how large volumes of flubot attacks can occur in just 24 hours:
What harm can SMS flubots cause?
SMS flubots have a negative effect on both end users and operators.
Gaining access to mobile devices allows the malware to access contact lists, banking apps and credit cards, and personal data which leads to detrimental effects on the end user’s life such as:
- Identity theft
- Loss of privacy
- Blackmail attempts
- Ransomware abuse
- Bill-shock
- Financial damage
- Roaming costs
- Complex disinfection of devices
Since the flubots are disguised as SMS traffic, it makes it easy for users to blame MNOs for their devices being attacked. This type of attack results in pains for MNOs like:
- Customer complaints
- User churn
- Dispute costs
- Artificial increase of traffic and network performance
- Low customer loyalty and trust
- Wholesale costs
How to prevent flubot attacks
Traditionally, operators have taken a reactive approach to dealing with SMS flubot scams. This means collecting spam reports and overage charges from customer complaints. At this point, the end user’s device has already been infected and they are suffering the wrath of the SMS flubot.
Many operators launched awareness campaigns to inform users of potential threats, but these are limited in effectiveness since they don’t prevent fraud attempts or help avoid new cases.
So, what can MNOs do to protect themselves and end users? For starters, they need to get ahead of the SMS flubot and be proactive instead of reactive.
SMS flubot solution: how it works
There are two distinct malware disruption stages:
- End users get the SMS message with instructions to install the app carrying the malware
- The phone becomes the trojan horse for further unwanted SMS traffic, infecting other end users
In the end, both users and MNOs need protection from SMS flubot and similar SMS malware. Infobip offers a complete machine-led protection system for filtering SMS messages and finding the flubots before they reach a user’s phone.
Countless SMS messages are sent daily which need to be filtered. Our SMS firewall relies on the statistical analysis of:
- Volumetrics (daily or hourly burst)
- Number of unique destinations
- Text similarity analysis for text masking
- Updated database of malicious URLs
- Machine-led proactive threat detection
- Automated responses to suspicious activity
- MSISDN reputation analysis
Having a large database of known A2P fraudulent text patterns is a must for detecting malicious texts and processing SMS content. If MNOs can have their SMS traffic filtered for flubot activity, they can protect their end users and reduce the risk of devices being compromised.
In addition to the machine-led solution, our team of security experts are constantly on the look-out for new and threatening malware and suspicious activity that could put MNOs and customers at risk. They are there to support MNOs by getting ahead of the issues and finding efficient ways to protect clients.
Ensuring subscriber privacy
Examining SMS traffic in search of fraudulent messages involves processing message content. So, what does that mean for user data and privacy?
Thankfully, user data is anonymized and won’t be compromised when being filtered. The data is examined by machines that look for suspicious patterns and suspect URLs and can distinguish genuine messages from fraudulent ones. SMS messages that are recognized as genuine are not further processed and can’t be tampered with, so the end user’s messages stay private and safe.
This leaves no need for human intervention or supervision. User data is secure as it never leaves the operator’s data center or messaging eco-system for processing data.
Benefits of preventative measures
For end users:
MNOs can offer customers better protection from flubots by adopting a machine-led proactive solution. Customers won’t experience bill shock or submit complaints due to the aftermath of SMS flubot attacks.
For operators:
Avoiding churn and disinfection costs as well as reducing customer complaints are some of the biggest benefits MNOs can experience. They can increase customer satisfaction with their brand by offering better security and saving on wholesale and interworking costs.
For the SMS ecosystem:
By proactively filtering SMS messages, MNOs offer better device protection and help stop future attacks through SMS traffic. It also helps increase trust in mobile technology and MNO providers alike.