Text messages are an increasingly popular vector for hackers and assorted digitally focused ne’er-do-wells to use for separating unsuspecting victims from their data or their money. Sometimes both. The Android malware known as FluBot is one example of a threat spreading via a text message scam, managing to reel in victims for a number of different reasons. Partly because the average person these days is perhaps much less likely to click on a dodgy email.
But a text message that dresses itself up as a legitimate-looking “missed package delivery” update, as is the case with the way FluBot spreads, is apparently much more likely to find its mark.
FluBot malware — text message scam
According to the cybersecurity company Proofpoint, this particular flavor of Android malware — one of many to watch out for — appears to be surging once again. There had been a dip in FluBot activity earlier this year, attributed to arrests made in Europe. But now the FluBot malware is hitting more countries in Europe once again. “Its latest victims include Android users in the United Kingdom, Germany, Hungary, Italy, Poland, and Spain, based on Proofpoint and open source information,” according to the cybersecurity firm.
What’s more, FluBot also “may be on the cusp of spreading among US users.”
We’ve written about this particular threat before. It got bad enough earlier this year that the UK’s National Cyber Security Center decided to issue some formal guidance so that you hopefully won’t be fooled if this happens to you.
Also, while this primarily appears to be an Android threat, Apple device owners may not necessarily be immune to damage from the FluBot. “Users of Apple devices are not currently at risk, although the scam text messages may still redirect them to a scam website which may try to steal your personal information,” the UK’s warning reads.
Don’t catch the FluBot
Here’s how this malware works. The text message scam supposedly informs you that you’ve missed a package delivery. You click the link, and you’re prompted to download a phishing app. That is what has FluBot inside it.
After getting the requisite permissions from the user? FluBot can go on to act “as spyware, SMS spammer, and credit card and banking credential stealers,” according to Proofpoint.
I rarely interact with SMS messages anymore, partly because of all the scammy missives that are now floating around. And it’s also a good idea to generally confine your interactions with the source of the package you’re waiting on to its official website (like Amazon’s).
That said, here are some important steps to follow to keep your device safe:
- Don’t click the link inside the text, of course. And do delete the message. Again, if you happen to be expecting, say, a DHL delivery? Just visit the official DHL website to track your delivery there. Do not use the link in a text message. Visit the DHL website. Don’t. Click. That. Link.
- “For Android devices,” the recent UK alert continues, “make sure that Google’s Play Protect service is enabled if your device supports it. Some Huawei devices provide a similar tool to scan devices for viruses. This will ensure that any malware on your device can be detected and removed.”