You’re not alone if you’ve recently received any bizarre, jumbled SMS messages mentioning a missed call or voicemail. The messages are sent out by a piece of malware known as Flubot, which spreads by SMS and infects unprotected Android phones.

The truth behind Flubot
After circulating in Europe for some time, the Flubot virus has begun to surface in Australia. FluBot is a malware – like a computer virus – that can infect your Android device if you click on a malicious link in an SMS message. This malware then sends a series of similar text messages from your phone to other individuals without your knowledge, potentially infecting them.

If installed, the malware has wide access and can harvest your contact list to further spread, as well as accessing your personal information and banking details if you used it while infected. If infected, you should urgently remove the malware and change all your passwords, using another device that is not infected.

How Flubot can infect your phone?
You can get an SMS with a message like this from another cell phone number.

“g672hv7 Notification: (1) new voice message: [link]”

(It is important to note that these messages often have bad spelling in them which is an indication that they should be deleted immediately, and the number blocked – see example below)

 

Flubot messages example

 

If you click the link, you’ll be transported to a web page with a trusted brand (such as Telstra) and invited to download an app, for example to listen to voicemail messages. If you allow installation, the Flubot malware will be installed on your phone.

Flubot is a sophisticated piece of malware because it spreads by sending SMS messages to random mobile numbers, as well as mobile numbers scraped from a compromised Android device’s contact list. Each time it does this it creates a new, unique link, making it difficult to block at a network level. These messages are also being sent from infected devices all across the world that have fallen victim to the malware.

To have your mobile phone compromised by the Flubot malware, you would have to click on the link and visit the malicious website in the SMS you receive. It will only affect Android phones that have previously enabled the ‘side-loading’ of applications onto the device (which means the device is configured to permit the installation of software from less trustworthy locations than the Google Play Store) – so unless you’ve done this, you can rest easy.

These are the warning signs that your phone is infected
You won’t know whether your personal data is being accessed if your device is infected with Flubot, and you won’t be able to see your handset sending SMSes to infect others. The following are warning signs:

• In your apps is a new app called “Voicemail” with a blue cassette in a yellow envelope. If you try to uninstall you receive an error message “You cannot perform this action on a system service.”
• You receive text messages or telephone calls from people complaining about messages you sent them, but you did not know about the messages
• Telstra may detect you sending very high volumes of messages and send you an SMS, saying: “Your phone is sending many SMS and may be infected with malware/virus. Please remove the malware app or we may suspend your ability to send SMS. Search FLUBOT on Telstra website or call us for help.”

What can you do?
Importantly, just because you’ve received this message does not mean that your phone is already affected. If you’ve just received one of these messages, do not open the link and you’ll remain protected.

If you have clicked on the link and downloaded the software, chances are your device is now infected. The first rule in avoiding malware or virus attacks is to avoid opening and clicking anything suspicious (links, images or emails). Ignoring all the suspicious links from these messages will ensure you remain protected.

Getting anti-virus applications for Android phones will add another layer of defence against Flubot. It can detect Flubot infections and can clean phones that are infected.

Here are some guides on how to remove Flubot for Android phones:

If these guides did not solve your problem or if its too technical, doing a factory reset on your phone can erase the malware. After resetting your phone and planning to do a “Restore” backup, make sure the date of the backup is earlier than the timeframe where the phones got infected by Flubot. Restoring a recent backup will also restore the malware in your phone.

Changing all your passwords is the next thing you need to do after you successfully remove the Flubot malware in your phone. Do not change your passwords before removing the malware.

If you think your phone/device has been compromised, please contact EHW on (07) 4944 0111 for assistance.

 

References.

Getting strange ‘missed call’ SMS messages? Here’s how to avoid the Flubot scam (telstra.com.au)