A new piece of Android malware is spreading across devices using SMS messages (shortly known as smishing) about “missed package delivery.”
It seems that Android users across the United Kingdom are particularly targeted by these messages, aiming to distribute the Flubot spyware. The UK’s National Cyber Security Centre has issued a warning about the malicious campaign. “The NCSC is aware that a malicious piece of spyware – known as FluBot – is affecting Android phones and devices across the UK,” the official alert says.
It is noteworthy that that Web is full of similar scams, fake apps and browser redirects related to package tracking and deliveries, such as Package Tracking Tab, Package Tracker Express, Search.trackyourpackagetab1.com, and so on.
Flubot Spyware Distributed Across Android Devices via Missed Package Delivery Text Messages
The malware is spread via specific SMS messages about a missed package delivery, but how is it installed on affected devices?
Flubot is installed when the victim receives the said text message in which they are prompted to install a tracking app related to the missed package delivery. This application is malicious as it is designed to steal passwords and other sensitive details, the NCSC warns.
The app is also capable of obtaining access to contact details and sending out additional messages, thus spreading Flubot to more devices.
As seen in many phishing campaigns, the user is prompted to click a particular link, redirecting them to a scam website. Apple devices are not currently at risk, the researchers say, but they may still be redirected to a scam website aiming to harvest personal details.
What Shall You Do If You Receive a Scam SMS?
In general, the safety tips that apply to phishing emails are also valid for scam text messages. First, you should not interact with the contents of the message, meaning that you should not click on the provided link. NCSC security researchers recommend forwarding the message to 7726, a free spam-reporting service provided by phone operators. Finally, you should delete the message.
What if you have already clicked the provided malicious link?
Since now your passwords and related online accounts are now at risk of hacking, you should perform the following steps:
- Back up your data and perform a factory reset as soon as possible. “You should avoid restoring from any backups created after you downloaded the app, as they will also be infected,” the researchers warn.
- You should also change the passwords of your accounts and apps.
More about Smishing Scams
Researchers also warn that smishing scams have been on the rise since the pandemic started. However, they are not something new, and have been plaguing mobile users for quite some time.
As you may have guessed, smishing comes from “SMS phishing”. Shortly said, smishing messages attempt to make potential victims pay money or click on suspicious links. Smishing scenarios may vary. Scammers can send a text message to a person and ask them to call a particular phone number.
If you receive a dubious text message from an unknown source, be on alert! If you’re in doubt that the sender may be an institution like your bank, call and double-check. But don’t do anything unless you are absolutely sure it is safe to proceed.
Warmable Android Malware Also Reported Recently
This is not the first case of “wormable” malware spreading from device to device with an ease. Check Point security researchers recently came across a wormable piece of Android malware that can be downloaded from the official Play Store. The malware, which is masqueraded as a Netflix app called FlixOnline, can propagate via WhatsApp messages.