FluBot malware Infecting Android Phones
Updated 2.00pm on 4 October:
FluBot malware is being spread through text messages on Android phones and is currently affecting New Zealanders. There are a number of different message varieties, including:
- You have a parcel delivery that is pending
- Someone is attempting to share an album of photos with you
- You have received a voicemail
If you have received the texts this does not mean your device has installed the malware. Do not click on the link, as it will direct you to a page with instructions related to the message you have received, or a page that looks like a security warning that you have FluBot installed.
Visiting these pages does not mean you have been infected by FluBot, but do not follow any instructions on these pages, as that will infect your phone.
FluBot attempts to steal your banking and credit card information as well your contact list, which it uploads to a server to continue spreading itself. Once a device has been infected with FluBot it can result in significant financial loss.
Given that the wording of these texts has changed within a short timeframe, it is likely the wording will change again. Be wary of any suspicious text messages you receive, asking you to click on a link, and forward any new suspicious texts to 7726.
Android mobile phones.
What this means
FluBot automatically sends text messages from infected devices to contacts it has received from other infected devices. Once the message is sent, the phone blocks the number so the recipient is unable to respond to avoid raising suspicion.
Messages spreading FluBot will come from New Zealand or other mobile numbers and contain a link to a parcel delivery website asking to install an app or a security update.
Installing the app or update triggers the infection and the device will begin sending messages to other devices, as well as trying to get the device owner’s credit card and banking details.
What to look for
How to tell if you're at risk
If you have received a suspicious text message asking you to follow a link, specifically if you have an Android phone.
How to tell if you're affected
If you have downloaded and installed an app or security update after following a suspicious link in a text message.
What to do
Do not click on the link if you receive a suspicious text message, and do not install any app or security update the page asks you to.
If you are expecting a delivery, it’s best to track the delivery via the courier’s website directly.
Forward any new suspicious texts you receive to 7726.
If you have been affected by this campaign, you should factory reset your device as soon as possible. This will delete any data on your phone, including personal data.
Do not restore from backups created after installing the app. Seek the services of a qualified IT professional if you require assistance.
You will also need to change the passwords to all of your online accounts, with urgency around your online bank accounts. If you have concerns that your accounts may have been accessed by unauthorised people, contact your bank immediately.