Flubot: Warnings Over Major Android 'Package Delivery' Scam

Experts have warned that a text-message scam infecting android phones is spreading across the UK. The message – which pretends to be from a package delivery firm, shown below, prompts users to install a tracking application but is actually a malicious piece of spyware.

The spyware, called Flubot, has the ability to hijack devices to send more scam text messages to an infected user’s contacts and harvest personal data from phones including online banking details.

While text message scams are not uncommon, this newest wave of attack differs as it tries to trick users into installing malicious software on the phone itself – rather than focusing on phishing, which focuses on tricking users into filling in a form with personal information and bank details.

If someone using an Android phone clicks on the link, they will be taken to a page which provides steps on how to install the ‘parcel tracking’ app using something called an APK.

APK files are a method of installing applications onto Android devices outside of the secure Google Play Store. Typically, these types of installations are blocked for security purposes, but the installation page includes instructions on how to bypass such security measures.

iPhone users are not affected as they cannot install Android APK files.

Cyberlab Advice:

Always avoid installing applications from anywhere except the Google Play Store.

If you receive a suspicious message, forward it to 7726 to report the message and then delete the message. This free-of-charge short code enables your provider to investigate the origin of the text and take action, if found to be malicious.

Detect. Protect. Support.

Posture Assessment

Understand your security risks and how to fix them.

Take the first step to improving your cyber security posture, looking at ten key areas you and your organisation should focus on, backed by NCSC guidance.

Claim your free 30-minute guided posture assessment with a CyberLab expert.

Comments are closed.