The spyware tries to steal passwords and other sensitive data and accesses your contact list, warns the U.K.’s National Cyber Security Centre.
A new malicious piece of spyware is targeting Android users in the U.K. in an attempt to snag their passwords and other private information. Last Friday, the U.K.’s National Cyber Security Centre (NCSC) issued an advisory cautioning people to beware of the new spyware dubbed FluBot. Affecting Android phones and devices across the U.K., FluBot is triggered after a user receives a text message asking them to install a tracking app in response to a “missed delivery package.” Clicking on the link in the text directs the victim to a scam website that launches the spyware.
SEE: Top Android security tips (free PDF) (TechRepublic)
FluBot then sets out on its malicious mission, namely trying to steal passwords and other confidential data from the infected device. The spyware also digs into the user’s address book to find more potential victims to whom it can send the text message, thereby propagating itself. So far, the messages claim to be from DHL, but the attack could change to impersonate other brands, the NCSC said.
FluBot has been hitting Android devices, including ones made by Huawei and Samsung, in which users are asked to download the app. iPhone and iPad users aren’t currently at risk, according to the NCSC, however, the text messages might still direct them to the scam website, which may attempt to steal certain information.
How to respond to the text message
If you receive a text that you think is part of this scam, the NCSC advises you to avoid clicking on the link in the message, don’t install any apps if prompted, and forward the message to 7726 (a free spam reporting service set up by carriers in the U.K., U.S. and elsewhere). Finally, just delete the message. Further, if you’re waiting for a package from DHL, visit the company’s website to track the shipment.
What to do if you’ve downloaded the spyware
If you’ve already downloaded FluBot, you’ll need to clean your device and check any affected accounts, according to the NCSC.
First, don’t log into any accounts or enter a password anywhere until you’ve cleaned your device. To actually clean it, perform a factory reset as soon as possible. This process varies by device and vendor, but Android users can follow the steps in this Google help page. Remember that you’ll lose data if you don’t have a backup to restore after the reset. If you do have a backup, be sure to use one that was created before you downloaded the spyware.
Next, you’ll need to check your account passwords. If you’ve logged into any accounts since downloading the spyware, change your passwords immediately. If you’ve used the same password on other accounts, change those as well.
How to avoid mobile spyware scams
To protect yourself from these types of mobile scams, remember the following tips from the NCSC:
- Back up your phone or tablet to make sure you don’t lose critical data such as photos and documents. Back up your device on a regular basis, especially before you perform any significant changes, such as installing a new app.
- Install apps only from legitimate app stores. For Android users, that means Google Play. For iPhone/iPad users, that means Apple’s App Store. Some manufacturers, such as Samsung and Huawei, offer their own dedicated app stores.
- For Android users, make sure that Google Play Protect is enabled on your device before you install any apps. Huawei devices come with their own virus scanner. These tools attempt to scan for and remove any detected malware.