The Android Flubot Scam - Don't Catch It! • ArmaFone

The Android Flubot Scam – Don’t Catch It!

Just when we had seen the back of COVID-19, something else emerges for our phones – the Android Flubot!

Recently Vodafone and the National Cyber Security Centre (NCSC) have been alerted of a form of spyware that’s only affecting Android phones.

This spyware, called Flubot, is made to look like a SMS text message impersonating a package delivery notification, typically under the DHL name. Should an Android user come across the message and click the link in the text message, it invites them to download an app in order to track their package.

What they’re unaware of is that the app is actually collecting personal data from their phone such as passwords, bank account details through online banking apps and even saved contacts, which can further spread the spyware through association.

Because it affects Samsung, Huawei and Google Pixel users, this spyware can cause a severe impact upon the Android userbase due to data security being breached.

How Can I Identify A Flubot Text?

Below is one of many examples of the Flubot text message:

Some details to notice whenever you receive a text message like this are as follows:

Insecure link: If the link begins with “http” instead of “https,” it could indicate that the link has no security and could take data from anyone visiting the page.
Unknown number: Should the text message come from an unknown number that’s not associated with any company, it can be a sign of a scam.
Frequency: Users can potentially receive duplicates of the same text message from different contact numbers, making each text message less official.

What Can I Do?

Should you ever come across a text similar to what has been presented above, here is some guidance:

Ignore the text message: If you receive a text with a suspicious link, do not click on it or accept any app installations/permissions it offers.
Double-check: Should you have an expected delivery, make sure to visit the official tracking website of the company you use. Avoid using the link in the text message.
Report the text message: Forward the scam text message to 7726, a free-to-use spam-reporting service.
Remove it: After reporting it, delete the message from your phone – out of sight, out of mind!

However if you have installed the application by accident, here is some further advice to help:

Avoid logging-in: This will prevent the malicious spyware from discovering more personal data.
Factory reset your device: This will help remove the spyware from your device as it wipes all data back to default factory settings.
Use a previous backup: If you have any backups made before you installed the application, use them to restore your phone’s settings to your liking.

Please stay safe when approaching these types of text message scams – they could adapt to use other company names.