If you’ve been bombarded with weird texts mentioning a missed call lately, you’re not alone because thousands of Australians have reported the strange, scammy messages. And as you’d expect, the messages are attempting to infect your device with Flubot malware.
So what do we know about the messages and how can you protect yourself?
What Is FluBot?
To put it simply: FluBot is malware that can be installed on your Android device, sometimes without your knowledge.
Prior to arriving in Australia, FluBot has infected devices across Europe in countries like the Netherlands, Switzerland and Finland earlier this year. Now the malware has come Down Under and has targeted thousands of Australians, including comedian Em Rusciano — who asked Telstra to explain it.
— Em Rusciano (@EmRusciano) August 11, 2021
How Does My Phone Get Infected?
Gizmodo understands that the virus is spreading via SMS messages from other mobile phone numbers, which makes it incredibly hard to block from a telco perspective.
The texts, which are usually filled with spelling mistakes, look something like this:
“z0re4 You have a missed lall. Caller left ylu z mesxage,” followed by a link.
Clicking on the link attached will then take you to a legitimate-looking website that mimics a brand you already trust (like your telco provider or a delivery service).
From here, you’ll be prompted to install a relevant app to listen to a voicemail or track a parcel. However, once you give permission to download the app, the malware will be loaded onto your device.
The malware will only be able to access Android devices that have previously enabled application side-loading onto the device. If you haven’t enabled this, you’re safe.
What Can FluBot Access?
Once installed, FluBot can access your contact list and send further infecting messages to your friends on your behalf.
Additionally, it can access your personal information — including banking details — if you use these features while infected.
Basically, if your device is infected, you should immediately remove the malware and change all of your passwords (but make sure you change these on a separate, not infected device).
How Do I Know If My Device Is Infected?
Short answer? You won’t know if your data is being accessed, or if your device is sending out texts to infect other devices.
However, there are a few warning signs you can look out for:
- Your telco provider may send you a message warning that you’re sending out abnormally high volumes of texts.
- You may receive calls or texts from numbers asking why you messaged them a strange text.
- A new app entitled ‘Voicemail’ is loaded onto your device. The icon is a blue cassette in a yellow envelope.
Do I Have To Worry About FluBot If I’m An iPhone User?
Although the FluBot malware itself doesn’t pose a threat to iPhones, iOS users should still be on alert for suspicious texts as the phishing websites they promote can still be used to harvest your personal information.
Basically, if you get a suspicious-looking text with some sort of link attached, don’t click on it.
Oops, I’m Infected! What Now?
Although you should do everything in your power to avoid getting infected in the first place, all hope is not lost if you’ve read this far only to discover that you’re already infected with FluBot.
Most anti-virus applications for Android will be able to detect and remove the malware from your device.
Alternatively, you can read up on technical guides to removing the FluBot malware. However, it’s worth noting that this is quite difficult and likely isn’t an option if your tech novice Grandpa has infected his device.
Or, if you want to keep it really simple, you can just perform a factory reset on your device. But be warned: performing a recent backup restore to get your saved files back will also restore the malware.
Gizmodo Australia has reached out to the telco ombudsman and the eSafety Commissioner for comment. If you are a victim of FluBot or another malware, you can report it to the Australian Cyber Security Centre here.