Enough people in the UK have been receiving text messages supposedly about a “missed package delivery” — which prompts the person to install a tracking app that actually contains Android malware — that the UK’s National Cyber Security Center decided to issue some formal guidance so that you hopefully won’t be fooled if this happens to you.
This is another piece of supremely nasty Android malware, which has been named FluBot, to be extra vigilant about, following some other particularly devious examples we’ve told you about recently (here, and here). As far as one of those that we previously reported on goes, Zimperium zLabs researchers found what they described as a “sophisticated new malicious app” targeting Android users that disguised itself as a System Update, even though it’s really an application that’s able to completely take over a victim’s phone, including by stealing data, messages, and images. Regarding this new Android malware, however, it disguises itself by prompting the user to download a tracking app by clicking on the missed delivery text, at which point the spyware kicks into action — it can steal user passwords and other sensitive data, according to the UK’s NCSC. Even worse, it has a self-replicating mechanism that sends texts from you to other victims, prompting them to take similar action to download the Android malware on their phones and keep the chain going.
So far, at least according to the warning from the UK, the scam messages are made to appear like they come from the package delivery company DHL, though the hackers can change the deception to make it seem like the message is coming from a different company at some point later on. Also, while this primarily appears to be an Android threat, Apple device owners may not necessarily be immune — no pun intended — to damage from the FluBot. “Users of Apple devices are not currently at risk, although the scam text messages may still redirect them to a scam website which may to steal your personal information,” the UK’s warning reads.
The tweet below shows what the Android threat looks like in practice:
⚠️SCAM TEXT ALERT ⚠️
If you receive a text message that looks like the one below:
IGNORE: Do not click any links.
REPORT: Report it by forwarding to 7726.
DELETE: Remove the text from your phone. pic.twitter.com/ailKcmXYh4
— Vodafone UK (@VodafoneUK) April 22, 2021
Important steps to follow to keep your device safe:
- Obviously, don’t click that link. And do delete the message. If you happen to be expecting a DHL delivery? Just visit the official DHL website to track your delivery. Do not use the link in a text message, like the one you see above. Visit the DHL website. Don’t. Click. That. Link.
- “For Android devices,” the UK alert continues, “make sure that Google’s Play Protect service is enabled if your device supports it. Some Huawei devices provide a similar tool to scan devices for viruses. This will ensure that any malware on your device can be detected and removed.”