Do not click on this text message


Protect Your Access to the Internet

Text messages are an increasingly popular vector for hackers and assorted digitally focused ne’er-do-wells to use for separating unsuspecting victims from their data or their money. Sometimes both. The Android malware known as FluBot is one example of a threat spreading via a text message scam, managing to reel in victims for a number of different reasons. Partly because the average person these days is perhaps much less likely to click on a dodgy email.

But a text message that dresses itself up as a legitimate-looking “missed package delivery” update, as is the case with the way FluBot spreads, is apparently much more likely to find its mark.

FluBot malware — text message scam

According to the cybersecurity company Proofpoint, this particular flavor of Android malware — one of many to watch out for — appears to be surging once again. There had been a dip in FluBot activity earlier this year, attributed to arrests made in Europe. But now the FluBot malware is hitting more countries in Europe once again. “Its latest victims include Android users in the United Kingdom, Germany, Hungary, Italy, Poland, and Spain, based on Proofpoint and open source information,” according to the cybersecurity firm.

What’s more, FluBot also “may be on the cusp of spreading among US users.”

We’ve written about this particular threat before. It got bad enough earlier this year that the UK’s National Cyber Security Center decided to issue some formal guidance so that you hopefully won’t be fooled if this happens to you.

Also, while this primarily appears to be an Android threat, Apple device owners may not necessarily be immune to damage from the FluBot. “Users of Apple devices are not currently at risk, although the scam text messages may still redirect them to a scam website which may try to steal your personal information,” the UK’s warning reads.

Don’t catch the FluBot

Here’s how this malware works. The text message scam supposedly informs you that you’ve missed a package delivery. You click the link, and you’re prompted to download a phishing app. That is what has FluBot inside it.

After getting the requisite permissions from the user? FluBot can go…