A new strain of password-stealing Android malware is infecting consumers’ devices around the world. Mobile network operators and security researchers worldwide have sent up a flare about a text message scam infecting users with Flubot, a malicious piece of spyware.
Flubot is able to spy on consumers and access contact details once it infiltrates a user’s phone system. It can even go on a text message spree that will send out more malicious messages to further spread the spyware.
How Flubot works
The way Flubot appears on a user’s phone is pretty innocuous -- a text message simply pops up claiming to be from a delivery company. Within that message, users are prompted to click on a link to track their supposed package. However, once that link is clicked, Flubot takes over and installs more phishing malware on the device.
Britain’s National Security Cyber Centre reports that the malicious messages have claimed to be from DHL so far, but researchers warn that other delivery companies can easily be cited for the purposes of the scheme. The organization also reports that Apple device users are not currently at risk, but it’s possible the scam text messages might still redirect them to a website that may steal their personal information.
Protecting yourself against Flubot
Dealing with malware is a hassle that nobody wants, so it’s important that everyone is aware of what to look out for when it comes to these scams. If you receive a text message from a company that you don’t normally do business with or someone you don’t frequently get text messages from, that should immediately raise red flags.
If you receive one of these suspicious messages, this is what you should do:
Do not click the link in the message, and do not install any apps if prompted.
Forward the message to 7726 (SPAM), a free spam reporting service endorsed by the Federal Trade Commission (FTC) and offered by telephone companies.
Delete the message.
In situations in which you were actually expecting a DHL delivery, it’s recommended that you visit the official DHL website to track your delivery. Make sure that you do not use the link in the scam text message.
All is not lost if you have already clicked the link to download the application, but you are going to have to do a system reset and wipe your device clean. One important thing: Do not enter your phone’s password or log into any accounts until you have done all the steps.
Perform a factory reset. The process for a reset on an Apple device is here; for Android devices, follow the steps posted here. Sadly, you will lose the data on your phone if you don’t have a backup installed for your device.
Once you set up the device after the reset, you might be asked if you want to restore it from a backup. Make sure that you are not restoring to a version of your phone that came after you downloaded the malicious app because that backup will also be infected.
Two final suggestions: take preventive measures if you haven’t been hit by Flubot. Back up your device and only install apps from your device’s “official” app store like Apple’s App Store and Google’s Play Store. An additional suggestion for Android users is to make sure Google’s Play Protect is enabled on your device. Every additional layer of protection is worth the effort when fighting against malware and spyware.
You should also investigate steps the FTC suggests as possible ways to protect your phone from malware and spyware. Those suggestions are available here.