That SMS message could be some seriously nasty Android malware

Threat actors are using SMS text messages to spread a password-stealing malware that attacks Android devices, experts have warned.

Once installed, the malware, known as FluBot, will harvest authentication details and other personal details and sensitive information.

To make matters worse, the malware makes its way into a victim’s address book, and in worm-like fashion infects other devices by sending itself to all the contacts.

Third-party APKs

From an infected device, the malware sends a text message masquerading as legitimate, often pretending to have come from reputable companies such as DHL, Amazon, Asda, Argos and others.

The message includes a phishing link that requests recipients to download an app, distributed as an APK, in order to track their delivery. As you can imagine, the app is the password-stealing malware.

By default, Android blocks the installation of third-party APKs. This is why the website that hosts the APK also handholds users through the process of overriding that safety mechanism. Once installed, the app gets to work.

UK’s National Cyber Security Centre (NCSC) has issued security guidance to help users identify the FluBot text messages, while network providers Three and Vodafone have also started relaying warnings about the malware to their users.

The NCSC further urges users who receive the FluBot messages to forward them to the free spam-reporting service (7726), before proceeding to delete the message.

According to reports, although the malware is currently known to only infect Android devices, the NCSC is also advising Apple users to pay close attention to text messages that ask them to click links about a delivery. 

While the APKs won’t install on iOS devices, the fear is that the fake delivery websites could also be used to siphon off personal information.

Related posts