Click to Skip Ad
Closing in...

Don’t fall for this trick that unleashes nasty new Android malware

Published Apr 27th, 2021 5:09PM EDT
Android malware
Image: Oleksii/Adobe

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Enough people in the UK have been receiving text messages supposedly about a “missed package delivery” — which prompts the person to install a tracking app that actually contains Android malware — that the UK’s National Cyber Security Center decided to issue some formal guidance so that you hopefully won’t be fooled if this happens to you.

This is another piece of supremely nasty Android malware, which has been named FluBot, to be extra vigilant about, following some other particularly devious examples we’ve told you about recently (here, and here). As far as one of those that we previously reported on goes, Zimperium zLabs researchers found what they described as a “sophisticated new malicious app” targeting Android users that disguised itself as a System Update, even though it’s really an application that’s able to completely take over a victim’s phone, including by stealing data, messages, and images. Regarding this new Android malware, however, it disguises itself by prompting the user to download a tracking app by clicking on the missed delivery text, at which point the spyware kicks into action — it can steal user passwords and other sensitive data, according to the UK’s NCSC. Even worse, it has a self-replicating mechanism that sends texts from you to other victims, prompting them to take similar action to download the Android malware on their phones and keep the chain going.

So far, at least according to the warning from the UK, the scam messages are made to appear like they come from the package delivery company DHL, though the hackers can change the deception to make it seem like the message is coming from a different company at some point later on. Also, while this primarily appears to be an Android threat, Apple device owners may not necessarily be immune — no pun intended — to damage from the FluBot. “Users of Apple devices are not currently at risk, although the scam text messages may still redirect them to a scam website which may to steal your personal information,” the UK’s warning reads.

The tweet below shows what the Android threat looks like in practice:

Important steps to follow to keep your device safe:

  • Obviously, don’t click that link. And do delete the message. If you happen to be expecting a DHL delivery? Just visit the official DHL website to track your delivery. Do not use the link in a text message, like the one you see above. Visit the DHL website. Don’t. Click. That. Link.
  • “For Android devices,” the UK alert continues, “make sure that Google’s Play Protect service is enabled if your device supports it. Some Huawei devices provide a similar tool to scan devices for viruses. This will ensure that any malware on your device can be detected and removed.”
Andy Meek Trending News Editor

Andy Meek is a reporter based in Memphis who has covered media, entertainment, and culture for over 20 years. His work has appeared in outlets including The Guardian, Forbes, and The Financial Times, and he’s written for BGR since 2015. Andy's coverage includes technology and entertainment, and he has a particular interest in all things streaming.

Over the years, he’s interviewed legendary figures in entertainment and tech that range from Stan Lee to John McAfee, Peter Thiel, and Reed Hastings.