Text message scam infecting Android phones with FluBot

New Zealanders are currently being affected by a malicious app, known as FluBot, which is being spread via text messages on Android phones. The wording of the text messages may be about a parcel delivery or that photos of the recipient have been uploaded or a voicemail. In all cases there will be a link, asking you to install an app or a security update.

The wording of these texts is changing so be wary of any suspicious text messages you receive asking you to click on a link, and forward these texts free-of-charge to 7726.

1 October 2021

How it works.

The malicious app will only infect your phone if you click the link and download the app. Receiving the text does not mean you are infected. Apple phones can receive the message but cannot be infected.

The link will take you to a page that either tells you to download a tracking app for the parcel delivery or tells you that your phone is infected with FluBot and to download anti-FluBot software.

Until you download the application and install it, your phone is not infected.

 Here are some examples of what the messages may look like:

If you have received a message:

  • If you have received this message, it is important that you do not click the link. Apple phones can receive the message but cannot be infected.
  • Please report the message by forwarding it free-of-charge to 7726, then delete it. If you receive multiple messages, report as many as you can to 7726, and then delete them.
  • Messages are sent from phones infected with this app so there is no simple way to prevent your phone from receiving these messages. Forwarding them to 7726 helps the Department of Internal Affairs (DIA) and CERT NZ to shut down the links in the text messages and contact people who have been infected by the app.

If you clicked the link, but did not download anything:

  • If you clicked the link but took no further action, you should not be affected. However, CERT NZ strongly recommends that you change all your online account passwords and contact your bank as a precaution.
  • As above, forward the message free-of-charge to 7726, then delete it. If you receive multiple messages report as many as you can to 7726 and then delete them.
  • If you entered any personal information into a form, especially credit card details, then we recommend you contact your bank and check for any unusual activity.

If you clicked the link and downloaded the app:

If you clicked the link and downloaded the app, you need to  take the following steps immediately.

  • Forward the message free-of-charge to 7726, then delete it.
  • You will need to factory reset your phone or restore it from a back up made before you received the text. A reset will delete any data on your phone including photos so if you have any questions we recommend talking to an IT professional first.
  • Contact your bank and check for any suspicious activity.
  • Change all of your online passwords.
  • Report the incident to CERT NZ 

For further information on the scam see our advisory