Can we, as a collective tech community, all agree that scams and malicious hacks are bad and we shouldn’t do them anymore? No? OK, back to reality, where your Android phone is under attack by yet another malware scam, one that is using yet another nefarious tactic to do it. Here’s what you need to know about FluBot, and how to keep your data safe.
A brief history of FluBot
FluBot isn’t a new threat, but it is definitely experiencing a resurgence. The malware first reared its head in early 2021, originating in Spain and making its way through the UK and the rest of Europe. It infects victims’ smartphones starting with an SMS posing as an official alert from a delivery company letting the victim know a package was arriving, and encouraging them to tap a URL to track it.
Doing so brings up a page instructing the user to download a tracking app for the package. The tracking app (surprise, surprise) turned out to be nasty malware that spied on the user’s smartphone activity. The goal, of course, was to steal financial login information so hackers could rob your bank accounts. How thoughtful.
FluBot has new tricks up its sleeve
Hackers like the ones behind FluBot thrive off of ignorance of their schemes and scams. As such, they likely saw diminishing returns as the affected areas of the world learned about the malware; government agencies in FluBot’s targeted countries warned citizens about FluBot, exposing the type of message that would try to trick users into downloading the problem in the first place.
So, what are FluBot hackers to do? They must evolve. Just as the Inception team brought the mark’s attention to the nature of the dream, the hackers are bringing the world’s eyes to FluBot. Now when you tap on the link in their malicious text messages, they issue a pop-up warning people that their phones are infected with FluBot. The only way to remove FluBot, according to FluBot, is to download an “Android security update.” (The “Android security update” is, unsurprisingly, infected with FluBot.)
You might also see this pop-up as a warning that you have a special voicemail that you can only listen to via a particular app (not one of their most convincing ideas, in my opinion). These schemes are spreading worldwide; CERT NZ, New Zealand’s Computer Emergency Response Team, recently put out an excellent blog post on the subject for its citizens, but it applies to anyone who might encounter the FluBot scam.
How to prevent FluBot from infecting your smartphone
First, and most obviously, do not click on these links. Don’t click on strange links generally, such as ones asking you to track a package you didn’t order. That’s just cybersecurity best practices right there; always verify the legitimacy of a link before opening it, whether that be on a smartphone, tablet, or computer. Note that only Android phones are affected by FluBot; iPhones can receive the message and open the pop-up, but the app cannot be installed on iOS.
You can also make sure that your Android apps are not able to install additional unknown apps without your permission. That will prevent apps like FluBot from sneaking their way onto your device. For Android 8 or later, head to Settings > Apps > Special access > Install unknown apps, then make sure “Not allowed” is set for your apps. If any app says “Allowed,” switch it to “Not allowed.” For Android 7 or earlier, head to Settings > Security (or Lockscreen and Security), and ensure “Unknown sources” is disabled.
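If you are comfortable with a command line, the Android 8 or later setting described above can also be checked for every app at once over adb. This is an added example, not part of the original article; it assumes adb is installed, USB debugging is enabled on the phone, and that `appops get` reports the mode in the form `REQUEST_INSTALL_PACKAGES: <mode>`.

```shell
#!/bin/sh
# Added example: list apps that are "Allowed" to install unknown apps.
# Assumptions: adb is on PATH and one Android 8+ device is connected
# with USB debugging enabled.

# Read `appops get` output on stdin and print the mode recorded for
# REQUEST_INSTALL_PACKAGES. Accepts both the plain form
# "REQUEST_INSTALL_PACKAGES: allow; time=..." and the
# "Uid mode: REQUEST_INSTALL_PACKAGES: allow" form. Prints "unset"
# when the app has no entry (for example "No operations.").
install_mode() {
    mode=$(sed -n 's/.*REQUEST_INSTALL_PACKAGES: *\([a-z]*\).*/\1/p' | head -n 1)
    echo "${mode:-unset}"
}

# Walk every installed package and print the ones whose mode is
# "allow", which Settings shows as "Allowed".
audit_device() {
    adb shell pm list packages | tr -d '\r' | sed 's/^package://' |
    while read -r pkg; do
        [ -n "$pkg" ] || continue
        # </dev/null stops adb from swallowing the rest of the package list.
        mode=$(adb shell appops get "$pkg" REQUEST_INSTALL_PACKAGES </dev/null |
               tr -d '\r' | install_mode)
        if [ "$mode" = "allow" ]; then
            echo "ALLOWED: $pkg"
        fi
    done
    return 0
}

# Run the device audit only when asked: sh audit.sh audit
if [ "${1:-}" = "audit" ]; then
    audit_device
fi
```

Any package the script lists should be switched to “Not allowed” in the Settings screen described above unless you deliberately granted it.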
If you have tapped the link in the text message, but not downloaded any apps, the good news is there doesn’t appear to be any risk at this time. As we understand it, FluBot is only effective once you actually download the app tied to the link in the pop-up; the link in the SMS just takes you to the pop-up, so that process alone shouldn’t infect your phone with malware. Still, CERT NZ recommends you change your passwords if you did tap on that SMS link, just to be safe.
And OK, let’s say you did select the link in the pop-up, and you downloaded the hidden FluBot app within it. Don’t panic. Factory reset your phone to completely remove any trace of FluBot on your device, or restore from a backup from before you downloaded the FluBot app. Then change all of the passwords for your connected accounts. You’ll also want to contact your bank to make sure there has been no suspicious activity on your account. And then never click or tap on any unexpected links again.