Advisory – SMS Scam Campaign targeting Android Users

ComReg would like to make mobile phone users aware of a warning from the National Cyber-Security Centre (NCSC) in relation to a scam message sent through a mobile phone message.

The NCSC has received reports of a spyware software labelled FluBot Messaging Malware affecting Android users in Ireland.

Below are the potential impacts to users should their devices become infected with Flubot:

• Once infected Flubot can Make Phone Calls;
• Steal passwords and other sensitive data;
• Access contact details and send out additional text messages, thereby further spreading the malware;
• Change Accessibility Settings on devices.

Please note that this threat is not specific to any Mobile Operator and users across all mobile networks are at risk of receiving these messages.

The messages typically contain a link for the victim to click on to get details of a missed package delivery. This link will direct the victim to a fake website replicating the legitimate delivery company site. The victim will then be asked to download two .apk files which are banking trojans. Users will then be prompted to manually override and allow an untrusted app download.

Here is an example of the message sent:

Apple devices are not currently affected by this malware.

If you receive a message as described above the NCSC advises:

• DO NOT click on the link, and delete the message.
• If you are expecting a delivery, check it through the companies official website.
• If you have clicked on the link and installed the app – perform a factory reset on the device. (Note: If you do not have backups you will lose data).
• When restoring backups do not restore from any backups created after you installed the malicious app as these will be infected.
• Reset passwords on any accounts used after you installed the app. If you use the same passwords on other accounts, change these also.
• Ensure that the Google Play Protect service is switched on.

find the full advisory from the NCSC here.