Android mobile phone users across the UK are being targeted by text messages containing a really nasty example of spyware called “Flubot,” states the country’s National Cyber Security Centre (NCSC).
This malware is spreading fast through ‘missed package delivery’ SMS texts, necessitating urgent scam warnings from major mobile carriers.
The malware is delivered to targets through SMS texts & prompts them to install a “missed package delivery” app. However, it takes targets to a scam website where they download the “app” — which is actually the spyware.
When installed, it goes on to gains permissions, steal banking information & credentials, taking passwords stored on the device & also taking away various items of personal information. It also sends out further text messages to the infected device’s contact list, which lets it to “go viral” — very much like the real flu.
The UK’s National Cyber Security Centre (NCSC) has issued security guidance about how to identify & remove FluBot malware, while network providers including Three & Vodafone have also issued warnings to users over the text message attacks.
As yet, most of the phishing texts are made to look as though they are being sent from DHL, the NCSC commented, but also warned, “the scam could change to abuse other company brands.”
One victim posted a message posing as a link from the Royal Mail.
Another user on Twitter spotted this scam “Amazon” message which they point out swaps the “o” for a zero in the link.
⚠️SCAM TEXT ALERT ⚠️
If you receive a text message that looks like this one below:
IGNORE: Do not click any links.
REPORT: Report it by forwarding to 7726.
DELETE: Remove the text from your phone. pic.twitter.com/ailKcmXYh4
— Vodafone UK (@VodafoneUK) April 22, 2021
Forward the Text
For anyone who receives what they believe to be a scam text, they are advised not to click on any links & forward the text to “7726” a “free spam-reporting line” created to combat UK fraud. Then, delete the message & block the sender.
If a user has already clicked on the link, the NCSC warned not to enter any password or other personal information. To remove the malware from the infected device, “Perform a factory reset as soon as possible,” the NSCS guidance reads. “The process for doing this will vary based on the device manufacturer. Note that if you don’t have backups enabled, you will lose data.”
The NCSC added that if a user has entered their personal information, it is critical to change those passwords immediately to prevent further compromise.
To prevent future attacks, NSCS said users should back up any important information, only install a minimal number of apps from trusted sources & use available virus protection offered by Google Play & others.
SMS Phishing (‘Smishing’)
These types of SMS phishing scams, also known as “smishing,” are hardly new. In Feb., attackers were obtaining personal data of users in the UK with fake messages promising tax refunds for overpayment. Mobile phishing has been a ‘booming business’ since the start of the pandemic, experts state, which they expect will only continue to increase.
Paul Ducklin, Researcher at Sophos, explained why ‘smishing’ is becoming such a very popular choice for threat players in discussing the Feb. campaign.
“SMSes are limited to 160 characters, including any web links,” Ducklin observed. “So, there’s much less room for crooks to make spelling & grammatical errors, & they don’t need to bother with all the formalised cultural pleasantries (such as ‘Dear Your Actual Name’) that you’d expect in an email.”
Ducklin also pointed out the small mobile screen makes it harder for users to detect a scam, concluding that “once you’ve tapped on the link & the browser window has filled the screen, it’s harder to spot that you are on an imposter site.”