
Text message scam ‘Flubot’ taking over Android phones in the UK!

A ‘package delivery’ scam called Flubot has been sweeping across the UK and infecting Android phones over the past few weeks!

This blog post will talk you through what Flubot is and how you can stay alert.

What is Flubot?

Flubot is a piece of malware that can take over devices and spy on them. It is used to gather sensitive data, including banking details.

How can your phone become infected with Flubot?

The message will appear to be from a package delivery firm, with a link to track your parcel. However, the link actually leads to a piece of malicious spyware.

You can see an example from Vodafone of what the message looks like here.

A spokesman for Vodafone UK has said “we believe this current wave of Flubot malware SMS attacks will gain serious traction very quickly, and it’s something that needs awareness to stop the spread”.

How to remain vigilant?

If you see a link in a message that you are not expecting, you should not click it until you can verify its source.

If you are expecting a delivery, track your parcel directly on the courier’s website.

Currently, DHL is being used as the courier in most messages, and you can track your parcel here: https://track.dhlparcel.co.uk/

Note: Although DHL is being used now, it is highly likely that the scam will change to abuse other delivery companies.

What to do if you receive a scam message

  1. Do not click the link in the message, and do not install any apps if prompted.
  2. Forward the message to 7726, a free spam-reporting service (regardless of your phone network).
  3. Delete the message.

What to do if you’ve already clicked on the link

As your device may now be at risk, you must take the following steps immediately:

Do not enter any passwords or log into accounts until these steps are completed!

  1. Perform a factory reset of your device, following the guidance here – if you don’t have backups enabled, you may lose data (remember to not restore from a backup made after installing the malicious app!)
  2. If you have logged in to an account after downloading the malicious app, the password will need to be changed – you should also do the same if you have used that password for other services.

How can you protect yourself from future scams like this?

  1. Back up your devices so that you don’t lose any important data (such as photos and documents) – you can follow the CyberAware campaign guidance here.
  2. Only install new apps from the recommended app store for your device (Google Play for most Android phones, with Huawei having its own app store)
  3. Make sure Google’s Play Protect service is enabled (Huawei devices have a similar feature) – this helps ensure that malware in any downloaded app is detected and removed.

Does this affect me if I have an iPhone/Apple Device?

iPhones/Apple devices are currently not at risk, because they cannot install apps from .apk files outside the app store, as can be done on Android.

It is worth remembering that links in text messages may still be used for phishing, where you are redirected to a scam website that asks you to enter your personal details, which the scammers will then be able to steal.

Check out the latest guidance and read more about Flubot

You can read the latest guidance from The National Cyber Security Centre (NCSC) here.

You can read more from BBC News on this story here.