BACKGROUND
Malicious text messages containing a link are being spammed to mobile users; the link redirects Android users to a download of the FluBot malware. The language and wording of the text message can vary, for example:
• You have a voicemail message.
• Your parcel is out for delivery. Click the link to track your parcel.
• Someone would like to share a photo album with you.
• Your Android device is infected with malware. You must install this security update to remove the malware.
Clicking on the link does not automatically initiate a download on the Android device; instead, the user must confirm installation of a program. iPhone users who click on the link are redirected to phishing sites which attempt to obtain their credit card details.
FluBot is malware used to steal banking credentials, payment information, text messages and contacts from infected devices. After infecting an Android device, FluBot spreads by spamming text messages to the device's contacts, instructing them to install malicious apps.
IMPACT
• The malware will attempt to steal banking and credit card information, text messages and the contact list from infected Android devices.
• iPhone users who are redirected to phishing sites could unknowingly reveal personal or financial information.
• Risk of identity theft and financial loss.
RECOMMENDATIONS
• Do not click on any links that are sent from suspicious or unknown sources.
• If you click on the link, do not install any app or security update that the page asks you to install.
• Android users with infected devices are advised to perform a factory reset and restore from a backup that was created before the malware infection took place.
• Avoid doing any confidential work on your smartphone, at least until the malware has been removed completely.
• Be wary of any instructions to turn off antivirus software, as that can lead to malicious software being allowed to infiltrate the system.
• Avoid downloading third-party apps or installing apps by lesser-known developers.
• Ensure that your operating system (OS) and software/apps are kept up to date.