Warning – FluBot mobile smishing.

Android mobile phone users across Europe are currently being targeted by text messages containing a malware called “FluBot”.

FluBot is an Android malware that is spread via SMS. The SMS typically originates from a legitimate national or close geographic number and pretends to be from a parcel delivery company such as DHL, FedEx, UPS etc. The SMS requests the recipient to click on the link within it and, if the device is an Android, the recipient will be asked to download an app and to override security settings. Once this has been done the device will become controllable by fraudsters server (Command & Control) which is operated by criminals.

The device can now be used by criminals to read and send SMS, click on links, exfiltrate phone content, read and send emails, record screenshots on demand and any other activities that a user could carry out on their handset.

What should I do If I receive such an SMS?

If you receive a message as described above, do not click on the link, and delete the message. If you are expecting a delivery from impacted providers (for instance DHL, FedEx or UPS), double check the information through the company’s official website.

How do I know if my phone was affected?

You recently clicked on a link you received by SMS on your Android phone. You were asked to install an app and performed the installation.
Note that Apple devices are currently not affected by this malware.

What should I do, if have clicked on such a link and installed the app?

If you have clicked on such a link, you have to get rid of the app by following these steps:

  1. Push the Restart button a couple of seconds to switch to Safe mode.
  2. Once the device restarts, uninstall the malicious App by following the youtube tutorial.
  3. Call us at 0800 700 700 to finalize the reset.

Alternatively, you can also perform a factory reset. To do so, please follow our step by step guide:

  1. Backup all your personal data (photos, contacts, etc). Keep in mind, you will not be able to restore your current session.
  2. Go to our handset help page and select your mobile phone.
  3. Follow the steps under “Resetting to factory settings”.
  4. Reinstall your phone and resynchronise your personal data (contacts and photos). When restoring backups do not restore from any backups created after you installed the malicious app as these will be infected too.
  5. Reset passwords on any accounts used after you installed the app.
  6. If you use the same passwords on other accounts, change them too.
  7. Ensure that the Google Play Protect service is switched on.
  8. Call us at 0800 700 700 to finalize the reset.