Urgent - Flubot SMS Malware

Save on Your Energy This Autumn!

We have been made aware of a ‘Flubot’ SMS scam which is affecting Android devices on any mobile network. iPhones are currently unaffected.

About the Malware

The ‘Flubot’ malware begins as an SMS appearing to be from a courier company like DPD, DHL etc saying “to track your parcel, click on this link”.

If the link is clicked, the malware is downloaded as a system app onto your phone. The malicious app then starts using your phone as an SMS generator to attempt to infect other phones. The malicious app registers itself as a system app, so you can’t uninstall it.

One UK network operator has identified 460 individual end customers affected and between them their phones have collectively sent over 800k SMS over the past 24 hours. The malware also scans infected phones for any crypto currency wallets and any banking apps to try to steal details.

What can I do?

We are advising customers to be especially vigilant with this particular piece of malware and to always be very careful about clicking on any links received in an SMS.

Customers should forward any suspicious SMS to 7726 so the links can be tracked – this is a service provided by Ofcom the UK Telecoms regulator.

The best advice if you’re unsure is to ignore, report, delete.

One UK carrier has indicated that affected end customers may have their inbound and outbound SMS service restricted until their handset is fully factory reset, as that is the only known way to clear the malware from an affected Android handset. It’s not yet clear it other UK carriers and other Cellhire partner networks will take the same approach.