FluBot: Warning issued over text scam affecting Irish Android users

2 Jun 2021

Image: © Rostislav Sedlacek/Stock.adobe.com

Here’s what you need to know about the FluBot scam circulating in Ireland – and what to do if you receive a suspicious text message.

Malware that could allow criminals to steal personal data from your mobile phone is affecting Android users in Ireland, according to the National Cyber Security Centre (NCSC).

It has issued an alert after receiving reports that the FluBot spyware software is circulating in the country. This malware is used by malicious parties in a text message scam to steal passwords and sensitive data from a person’s mobile device.

These scam messages typically contain a link to click on to get details of a missed package delivery. The link will direct to a website replicating a legitimate delivery company site, and the user will be asked to download files that are actually banking trojans.

Users will be prompted to manually override and allow an untrusted app to be downloaded. The spyware can then be used to steal personal data, according to the NCSC, and to access the victim’s contacts to spread the malicious application through further text messages.

While Apple users may also receive these texts, the NCSC said Apple devices are not currently affected by this malware. It is downloaded as an APK file, or Android application package.

However, network operators Three Ireland, Vodafone Ireland and Eir have issued warnings to all customers to be cautious when receiving any text messages that ask you to clink on a link.

The FluBot malware has been reported around Europe in recent months, and the UK’s National Cyber Security Centre issued an alert about it in April.

What can I do if I get one of these texts?

If you receive a suspicious message, the NCSC advises that you do not click on the link within the text and that you delete the message.

If you’re expecting a delivery and are unsure if the message is legitimate, check the details through the official website of the company you ordered from or the delivery company that is being used.

If you have clicked on the link and installed the malware app, you will have to perform a factory reset on the device. Then when restoring backups, do not restore anything created after you installed the malicious app. Reset passwords on any accounts used after you installed the app, and if you use the same passwords on other accounts, change these too.

A rise in scams targeting smartphone users with texts that appear to be from delivery companies or Government institutions has been reported in recent months.

To avoid falling victim to these types of scams, Aberystwyth University’s Dr Gareth Norris and Alexandra Brookes recommend taking time to properly look at the content of any message you receive.

This includes watching out for language errors and strange details, asking whether it’s normal for this company to communicate with you via text, and checking the sites you purchased from for the delivery companies they use or even calling the company the text claims to be from to help clear things up.

Sarah Harford was sub-editor of Silicon Republic

editorial@siliconrepublic.com