Skip to main content

That SMS message could be some seriously nasty Android malware

Tablet
(Image credit: Shutterstock)

Threat actors are using SMS text messages to spread a password-stealing malware that attacks Android devices, experts have warned.

Once installed, the malware, known as FluBot, will harvest authentication details and other personal details and sensitive information.

To make matters worse, the malware makes its way into a victim’s address book, and in worm-like fashion infects other devices by sending itself to all the contacts.

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

Third-party APKs

From an infected device, the malware sends a text message masquerading as legitimate, often pretending to have come from reputable companies such as DHL, Amazon, Asda, Argos and others.

The message includes a phishing link that requests recipients to download an app, distributed as an APK, in order to track their delivery. As you can imagine, the app is the password-stealing malware.

By default, Android blocks the installation of third-party APKs. This is why the website that hosts the APK also handholds users through the process of overriding that safety mechanism. Once installed, the app gets to work.

UK's National Cyber Security Centre (NCSC) has issued security guidance to help users identify the FluBot text messages, while network providers Three and Vodafone have also started relaying warnings about the malware to their users.

The NCSC further urges users who receive the FluBot messages to forward them to the free spam-reporting service (7726), before proceeding to delete the message.

According to reports, although the malware is currently known to only infect Android devices, the NCSC is also advising Apple users to pay close attention to text messages that ask them to click links about a delivery. 

While the APKs won’t install on iOS devices, the fear is that the fake delivery websites could also be used to siphon off personal information.

We’ve also rounded up the best ransomware protection tools

Via ZDNet