Android users in the UK have been warned to be wary of suspicious text messages after it was discovered that threat actors are spreading data-stealing malware.
Once installed, the FluBot malware harvests authentication details, personal details and sensitive information such as passwords and bank account details.
Additionally, once the malware has access to a users phone, it can also infect address books, sending itself to contacts.
The malware sends a seemingly legitimate text message pretending to have come from reputable companies such as Amazon, DHL, and ASDA.
However, the link included in the message is actually a phishing attack that requests recipients to download an app, distributed as an Android application package (APK), in order to track the delivery of an ordered item.
The UK’s National Cyber Security Centre (NCSC) has issued security guidance to help users identify the FluBot text messages, while network providers Three and Vodafone have also started relaying warnings about the malware to their users.
Users have been further urged to forward them to the free spam-reporting service before as well as avoiding entering a password, or logging into any accounts until you have followed guidance from the NCSC.
Commenting on the news, Burak Agca, Security engineer at Lookout, said: “Mobile users across Europe are facing a new and targeted mobile phishing campaign that is spreading the FluBot banking trojan.
“Facebook and LinkedIn’s recent data breaches of over a billion user records is providing attackers with a rich pool of targets. Threat actors are using Deutsche Post & DHL, Saturn, UPS and other popular delivery services to send victims SMS text messages purporting to validate or provide updates about shipments.
“When an Android user taps the malicious link, they are forwarded to a page where they are prompted to download an app so they can track their package. Once installed, the infected app FluBot, can intercept and send SMS messages, display screen overlays, and steal contacts.”
- Why senior management needs to make cloud backup a priority
- Fake Netflix app spreads malware through WhatsApp
- Goodbye Emotet | Notorious botnet permanently deleted
According to reports, although the malware is currently known to only infect Android devices, the NCSC is also advising Apple users to pay close attention to text messages that ask them to click links about a delivery.
While the APKs won’t install on iOS devices, the fear is that the fake delivery websites could also be used to siphon off personal information.
Agca continued: “iOS users, by comparison, are directed to phishing pages that link to other malware or impersonate major banks in the hopes of stealing that user’s mobile banking login credentials. Almost 80% of mobile phishing attacks are intended to deliver malware like FluBot.
“Mobile security should not be seen as an optional extra on our mobile devices. Today, the majority of us are predominantly working without being attached to a corporate network. In the same way, you would not dream of surfing or interacting on the internet without an Anti-virus, an on-demand scanner, and phishing protection on your PC exactly the same applies to the computer in your pocket.”