Spanish cops arrest four in ‘FluBot’ text hacking scheme

The hacking group has targeted upwards of 71,000 with their scam.
Barcelona, Spain
La Sagrada Familia in Barcelona, Spain. (David Ramos/Getty Images)

Police in Barcelona have arrested four hackers suspected to be behind a massive criminal scheme which has targeted tens of thousands of victims with malicious links impersonating banks in order to steal victims’ credentials and money.

In the raid, which took place March 2, the police collected laptops, cash, documents, and other high-end mobile devices, the Criminal Investigation Division of the Barcelona Metropolitan Police Region said in an announcement.

The scammers’ plot included sending bad links through SMS messages to victims, which, if clicked, would direct targets to fake pages imitating banking pages or mobile operators, where the hackers would then steal victims’ credentials and duplicate the victims’ SIM cards to take control of the victims’ phones, according to the release. The attacker-controlled sites were hosted on servers located in the Cayman Islands, according to law enforcement.


The hackers would then make fraudulent money transfers with their newfound access and purchase high-end cell phones.

The group has sent upwards of 71,000 such tainted messages to victims, the police said in the announcement.

The four men arrested belong to a malware gang called FluBot, according to The Record, which first reported on the arrests. The police did not immediately return request for comment on the name of the group.

The men arrested last week, who have already appeared in court, are accused of committing fraud and being members of a criminal group. Two of the men have been imprisoned while the other two have been released but ordered to appear in court every 15 days as the investigation is ongoing.

FluBot is capable of spreading far and wide after infecting its initial targets, in part because it collects victims’ contact lists and expands the target set from there, according to security researchers at Proactive Defence Against Future Threats (PRODAFT).


Security researchers first spotted FluBot earlier this year. Ninety-seven percent of Flubot’s victims are located in Spain, according to PRODAFT.

Cybercrime groups have long been sending malicious text messages to targets for financial gain. Last year security researchers revealed that hackers belonging to a group known as FakeSpy were sending Android malware through text messages impersonating postal services to targets in the U.S., Europe and China. Hackers have recently been using spammy text messages impersonating Brazilian banks to steal money, as IBM Security found.

The police began their investigation into the suspected FluBot criminals in October after receiving a report from a victim that they had been targeted in such a text message campaign.

Shannon Vavra

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.

Latest Podcasts