Known as FluBot, this malware can be installed via text messages that are claiming to come from a delivery company and are asking the users to click a link to track package delivery.

This link asks users to install an application to follow the fake delivery, but the installed app actually is a malware designed to steal information from the previously infected Android smartphones.

FluBot gains access to the victim’s address book and manage to further spread the infected text message to all their contacts, therefore allowing the malware to access more devices.

NCSC, the UK’s National Cyber Security Centre, issued security guidance about how to identify and remove FluBot malware, while a few network providers like Three and Vodafone also issued warnings towards their users regarding this specific attack.

If an Android user accesses the link, they will be taken to a third-party website and asked to download a malicious APK file. Once installed, FluBot obtains all the permissions it needs to access and steal sensitive information like passwords, online bank details and other personal information.

Even if the malware can only infect Android devices, Apple users should also remain cautious about any text messages urging them to click links about delivery as some malicious websites could still be used to steal personal information.

The NCSC is warning people who’ve already clicked the link and downloaded the application to not log in to any additional online accounts in order to stop the attackers from harvesting more personal information and to perform a factory reset of their device as soon as possible.

To protect yourself from future scams like this, you should:

Back up your device to ensure you don’t lose important information like photos and documents. The CyberAware campaign explains how to do this.

Only install new apps onto your device from the app store that your manufacturer recommends. For example, most Android devices use Google’s Play Store. Some manufacturers, such as Huawei, provide their own app store.

For Android devices, make sure that Google’s Play Protect service is enabled if your device supports it. Some Huawei devices provide a similar tool to scan devices for viruses. This will ensure that any malware on your device can be detected and removed.


The NCSC recommends that users should change the passwords of any accounts they’ve logged in to since downloading the app, in order to prevent attackers from continuing to have access.

Leave a Reply

Your email address will not be published. Required fields are marked *