Experts cautioned that a text message scam infecting Android phones is expanding across the UK. The message, which appears to be from a parcel delivery company and instructs users to download a tracking program, is actually a malicious piece of spyware. Flubot can seize over smartphones and spy on phones in order to collect sensitive data, such as online banking information. Vodafone, the network provider, said that millions of text messages had now been transmitted through all networks.
Flubot is the name of malicious malware that attacks Android devices. Flubot is distributed by cybercriminals through SMS messages that include links to download websites for a bogus FedEx program (in at least three languages, including German, Polish, and Hungarian). These websites download a malicious APK file (Android Package File) that installs the banking malware Flubot.
“We believe this current wave of Flubot malware SMS attacks will gain serious traction very quickly, and it's something that needs awareness to stop the spread," a spokesman said. Customers should "be extra cautious about this specific piece of malware,” he said, and avoid clicking on any links in text messages.
Later, the National Cyber Security Centre (NCSC) provided guidelines on the threat, with instructions on what to do if you accidentally accessed the attacker's program. "If users have clicked a malicious link it's important not to panic - there are actionable steps they can take to protect their devices and their accounts," the NCSC said in a statement. The ransomware may also send further text messages to the contacts of an infected person, aiding its propagation.
"The seriousness of these malicious text messages is underlined by Vodafone making the decision to alert its customers," said Ben Wood, chief analyst at CCS Insight. "This has the potential to become a denial-of-service attack on mobile networks, given the clear risk that a rogue application can be installed on users' smartphones and start spewing out endless text messages. The broader risk for users is a loss of highly sensitive personal data from their phones," he added.
Although text message scams pretending to be from a package delivery company are popular, they have mainly focused on phishing, which involves tricking the recipient into filling out a form with personal information such as bank account numbers.
