We have been made aware of a ‘Flubot’ SMS malware scam which is affecting Android devices on any mobile network. Further information is included from the National Cyber Security Centre.
About the Malware
The ‘Flubot’ malware begins as an SMS appearing to be from a courier company like DPD, DHL etc saying “to track your parcel, click on this link”.
If the link is clicked, the malware is downloaded as a system app onto your phone. The malicious app then starts using your phone as an SMS generator to attempt to infect other phones. The malicious app registers itself as a system app, so you can’t uninstall it.
One UK network operator has identified 460 individual end customers affected and between them their phones have collectively sent over 800k SMS over the past 24 hours. The malware also scans infected phones for any crypto currency wallets and any banking apps to try to steal details.
What can I do?
We are advising mobile phone users to be especially vigilant with this particular piece of malware and to always be very careful about clicking on any links received in an SMS.
Customers should forward any suspicious SMS to 7726 so the links can be tracked – this is a service provided by Ofcom the UK Telecoms regulator.
The best advice if you’re unsure is to ignore, report, delete.
One UK carrier has indicated that affected end customers may have their inbound and outbound SMS service restricted until their handset is fully factory reset, as that is the only known way to clear the malware from an affected Android handset. It’s not yet clear it other UK carriers and other partner networks will take the same approach.
We received the notification from Vodafone UK, however we have been made aware that this is affecting all Mobile Networks.
Should you have any queries or concerns about the malware or believe you may have clicked on the text link please contact our team on 01302 260195 or contact your mobile service provider.