TY - GEN
T1 - Lessons in Prevention and Cure
T2 - 2023 European Symposium on Usable Security, EuroUSEC 2023
AU - Geers, Artur
AU - Ding, Aaron
AU - Gañán, Carlos Hernandez
AU - Parkin, Simon
PY - 2023
Y1 - 2023
N2 - The smishing-based malware Flubot was taken down in mid-2022, yet there is little understanding of how it directly impacted smartphone users. We engage with customers of a partner Internet Service Provider (ISP), who have suffered a Flubot infection on their smartphones. We surveyed 87 ISP customers who had been notified of a Flubot infection, in the months around and preceding the take-down of Flubot. We found that slightly over half of respondents were unaware of the malware infection before being notified, though many others had suspicions. We also observe that just over half of respondents experienced non-technical harms from the malware, with many experiencing harms before notification and several experiencing unwanted or aggressive activity from users of other infected devices. Many respondents reported not having removed the malware, while some discarded the infected device or stopped using online services in their efforts to be more secure afterwards. We offer recommendations, including that clearer guidance be sought to help users identify a malware infection (and not a focus only on prevention), and support provided for recovery from personal harms caused by mobile malware, as the impacts are not only technical.
AB - The smishing-based malware Flubot was taken down in mid-2022, yet there is little understanding of how it directly impacted smartphone users. We engage with customers of a partner Internet Service Provider (ISP), who have suffered a Flubot infection on their smartphones. We surveyed 87 ISP customers who had been notified of a Flubot infection, in the months around and preceding the take-down of Flubot. We found that slightly over half of respondents were unaware of the malware infection before being notified, though many others had suspicions. We also observe that just over half of respondents experienced non-technical harms from the malware, with many experiencing harms before notification and several experiencing unwanted or aggressive activity from users of other infected devices. Many respondents reported not having removed the malware, while some discarded the infected device or stopped using online services in their efforts to be more secure afterwards. We offer recommendations, including that clearer guidance be sought to help users identify a malware infection (and not a focus only on prevention), and support provided for recovery from personal harms caused by mobile malware, as the impacts are not only technical.
KW - Flubot
KW - smartphone malware
KW - user notification study
UR - http://www.scopus.com/inward/record.url?scp=85175403440&partnerID=8YFLogxK
U2 - 10.1145/3617072.3617109
DO - 10.1145/3617072.3617109
M3 - Conference contribution
AN - SCOPUS:85175403440
T3 - ACM International Conference Proceeding Series
SP - 126
EP - 142
BT - Proceedings - EuroUSEC 2023
PB - Association for Computing Machinery (ACM)
Y2 - 16 October 2023 through 17 October 2023
ER -