I have created a tool to remove FluBot, one of the most dangerous malwares in Android that's striking European countries, like Germany and Spain right now. For more information on how the bot and the scam works, please read PRODAFT's White Paper or follow this link to look up the latest news regarding the malware.
To summarize, this malware has been around since November 2020 and it has now started spreading even quicker by using the contact list from infected devices to spread itself. The malware has now infected approximately 60.000 devices and has gathered a 25% of the total Spanish mobile phone numbers. In order to know what are the spread routines, and how it manages to infect users, please check here.
This malware is also capable of showing fake login screens for plenty of banks whenever the user attempts to open any legitimate bank app, in order to collect all sorts of login credentials and credit card details, as well as replacing your SMS application (and not allowing you to use another one). As a malware, it prevents from being uninstalled using an accessibility service, which the user manually granted while unknowingly installing the malware.
Knowing all of the above, I created malninstall (from malware-uninstall, and also known as FluBot Malware Remover) in order to help inexperienced people get rid of the malware. Upon installation (and detection of infection), malninstall shows a step by step guide on how to set-up the tool in order to remove FluBot, and after removal, it also helps the user undo the changes the application made to the device.
Malninstall is based on the principle that, whenever FluBot detects the user is performing an action that can affect the malware, like uninstalling or stopping its accessibility service, it will hit the (virtual) home button several times, and show a message, warning the user that "this kind of action is not allowed for a system service", which is not true. So, in order to remove the malware, malninstall will set itself as the device's launcher (temporarily), allowing this way to stay focused and letting the user to tap on the uninstall prompt that malninstall helps open. After the uninstall was successful, the user will be prompted to choose their launcher back to the one they were using before.
This project is completely open-source, and its source code can be checked on GitHub.
If you know of someone that got infected with this malware, feel free to advise them giving malninstall a try!
Download latest version - GitHub Project page - Featured in XDA Portal - Featured in Xataka (Spanish)
Check out how the malware removal process works in this video: