‘Flubot’ text message scam infecting Android phones

We have been made aware of a text message scam that is affecting Android phones on any mobile network (iPhones are currently unaffected). The scam texts are known as ‘Flubot’ SMS Malware and pretend to be from legitimate businesses. 

What is the ‘Flubot’ SMS malware?

The ‘Flubot’ malware begins as an SMS text message from a courier company such as DPD or DHL etc saying “to track your parcel, click on this link”.  If the link is clicked, the malware is downloaded as a system app onto your phone, which means you won’t be able to uninstall it. The malicious app then starts using your phone as an SMS generator to attempt to infect other phones.  The malware also scans infected phones for any crypto currency wallets and banking apps to try and steal details. 

How can you protect yourself?

We are advising customers to be especially vigilant with this particular piece of malware and to always be very careful about clicking on any links received in a text message.

If you’re unsure about a text message, the best advice is to ignore, report and delete.  Customers should forward any suspicious SMS to 7726 so the links can be tracked – this is a service provided by Ofcom the UK Telecoms regulator.

Network operator Vodafone said millions of the text messages had already been sent across all networks. It is thought that the current wave of Flubot malware SMS attacks will gain serious traction very quickly, so it is important to generate awareness to stop the spread. 

One UK carrier has indicated that affected end customers may have their inbound and outbound SMS service restricted until their handset is fully factory reset, as that is the only known way to clear the malware from an affected Android handset.

“If your business has a telecoms account with Purchase Direct or you would like any guidance on this matter, please contact our Telecoms team on 01707 299 100.