How to protect your phone from the FluBot scam

19 Aug 2021

If you’ve been bombarded with strange texts lately, you’re not alone because thousands of Australians have been reporting scam text messages and unfortunately these messages are often attempting to infect your device with Flubot malware.

What Is FluBot?

FluBot is malware that can be installed on your Android device, usually without your knowledge.

How does FluBot infect your phone?

The virus is spreading via text messages. The texts are usually filled with spelling mistakes that look something like this:

efgh2 You have a missed call. Caller lfrt a mssafge,” followed by a link.

Clicking on the attached link will take you to a fake website that mimics a brand you may already trust.

From here, you’ll be prompted to install an app to listen to a voicemail or track a parcel. However, once you give permission to download the app, the malware will be loaded onto your device.

What Can FluBot Access?

Once installed, FluBot can access your contact list, sending further infecting messages on your behalf.

Additionally, it can access your personal information, including your banking details if you use banking apps while the phone is infected.

If your device is infected, you should immediately remove the malware and change all of your passwords (just make sure you change these on a separate device).

How do I know if my device is infected?

While it can be hard to know if your device has been infected, or if your device is sending out texts to infect other devices, here are a few warning signs to look out for:

  • If you're a customer of ours, we may have sent you a warning message to let you know you’re sending out abnormally high volumes of texts.
  • You may receive calls or texts from unknown numbers asking why you messaged them.
  • A new app called ‘Voicemail’ is present on your device. The icon is a blue cassette in a yellow envelope.

How can I remove FluBot?

Most anti-virus applications for Android will be able to detect and remove the malware from your device. If you need to manually remove the malware you can attempt either of the below options:

  • Turn on Google Play Protect, as this may allow you to remove the malware app
  • Activate Android's Safe Mode. This will temporarily block any 3rd party apps from running, allowing you to identify and uninstall any Flubot apps.

If the above steps do not resolve the issues, you'll need to perform a factory reset of your device. This should remove the malware but risks erasing all your other data (photos, messages, apps, etc). If you perform a factory reset, make sure you restore content from a not-so-recent backup to avoid the malware remaining on your device.

Additional ACCC Advice
  • Do not click the links and delete the text message
  • Do not call back the individual who sent the text as they are unlikely to be the scammer. It is possible their device is not infected and their number has been spoofed
  • Make a report to ReportCyber if you have been a victim of this cybercrime
  • You can also report to Scamwatch here
  • If you have lost personal information to a scammer and are concerned you can contact IDCARE or call 1800 595 160
  • If you have installed the malware, contact your bank and ensure your accounts are secure and contact an IT professional