The Flubot Scam

by Administrator on Apr 30, 2021 in Financial Fraud

'flubot' text message scam warning for  Android phone users

Scammers are trying to steal bank details from people who use Android phones in a text message scam.

 

Users of British Android devices have been issued an urgent fraud warning about their mobile phones:

They are being sent text messages with links to tracking apps for major delivery companies such as DPD – however, the links are actually directing victims to a fraudulent app.

Newspapers are reporting that the links take you through to a fraudulent app which asks you to install tracking software - when it's really malware called 'Flubot' which allows scammers to remotely control Android features and steal private details.
Flubot can take over Android devices and spy on phones to gather your sensitive data, such as online banking details.
It also has the ability to trawl though contact lists and other personal data – allowing the scammer to access anything they wish.
Vodafone has stated that millions of cases this text message were already being sent across every network.

"We believe this current wave of Flubot malware SMS attacks will gain serious traction very quickly, and it's something that needs awareness to stop the spread!" a spokesman at Vodafone said.
They also stated that if anyone has installed the app they should reset their device to factory settings and then restore an older backup from before receiving this text message.

Customers should "be especially vigilant with this particular piece of malware", he said, and be very careful about clicking on any links in a text message.

Other networks, including EE and Three, followed with warnings of their own...


The National Cyber Security Centre (NCSC) have urged people to not to click on any unsolicited link.
"If users have clicked a malicious link it's important not to panic - there are actionable steps they can take to protect their devices and their accounts" a statement said.
"The seriousness of these malicious text messages is underlined by Vodafone making the decision to alert its customers" said Ben Wood, an analyst at CCS Insight.
"This has the potential to become a denial-of-service attack on mobile networks, given the clear risk that a rogue application can be installed on users' smartphones and start spewing out endless text messages."
"The broader risk for users is the compromise of highly sensitive personal data from their phones" he added.
A version of the text reported online purports to be a text message from the courier DHL, with a link to a website for consignment tracking.
If an Android user were to click on the link, they will find themselves at a page "explaining" how to install a parcel tracking app using something known as an APK.
APK files are a back door for installing Android apps outside of the security of the Google Play store!
By default, these applications are blocked for security reasons, but the web page you are taken to includes instructions on how to bypass safety guidelines.
Now this could be confusing, as there can be genuine cases for installing development apps - such as when downloading the Fortnite video game, after it was removed from the official app store amid a major legal battle between Google and the app developer owner.
Apple users are not affected as Apple phones cannot use Android APKs.


Kate Bevan, computing editor at consumer magazine Which? encourages people to be "wary" of texts.

"If you're not sure, contact the delivery company's official customer service helpline," she said.
"As ever, it's important to make sure that your mobile phone is up to date with security patches. Consider also installing mobile security software from a trusted brand."

Industry body Mobile UK declared users who receive any suspicious messages should forward it to 7726 to report it, and then immediately and permanently delete the message.
Action Fraud, the official anti-scams body for the Police, said all suspicious text messages should be forwarded to 7726 so that they can be investigated.

If your personal details could have been compromised, alert you bank and phone provider straight away. It is also important to change any passwords or pass codes that you have on your phone, as well as any PIN numbers you may have stored there. You may wish to text or email your contacts to alert then that their details could have been compromised and to be wary of any messages they receive from you.

 

 

Add comment