Flubot scams

Since August 2021, many Australians have been receiving scam text messages about missed calls, voicemails, deliveries and photo uploads. The text messages ask you to tap on a link to download or access something. Doing so will download a specific type of malware to your device. These are ‘Flubot’ text messages.

What is Flubot?

Flubot is malicious software (malware) that sends text messages to both Androids and iPhones. There are a large number of different types of Flubot text messages and scammers are updating them all the time. We strongly recommend that you never click on the links in these messages. It is best to delete them immediately.

Android phones are more at risk, as we outline below.

The content of the text messages varies but they all contain a link containing 5-9 random numbers. They will often ask you to download an app to track or organise a time for a delivery, hear a voicemail message, or view photos that have been uploaded.

However, there is no delivery, voicemail, or photos uploaded and the app is actually malware called Flubot. If you have an Android device, typically the application downloaded is called Voicemail71.apk, Update42.apk’ or DHL34.apk. This application is malware.

The application may be able to:

  • read your text messages
  • send text messages from your phone
  • make phone calls from your number
  • access your contacts

Installing the software is likely to give scammers access to your passwords and accounts. They may be able to use this information to steal your money or personal information.

It will also ask other infected Australian phones to send Flubot messages to the numbers it steals from your phone, continuing and expanding the scam. So, if you called the person that sent you the message, it would be another victim of the scam whose device was infected.

We note that Apple devices cannot be infected with Flubot but will likely be infected with other malware if you click on these links.

How does Flubot work?

Flubot text messages are sent with a link which almost always contains a series of 5-9 random letters and numbers at the end. Here's a list of what typically occurs:

1. Phone owner gets a text message containing a php link
2. Clicks link and is invited to install software
3. Phone becomes infected with malware
4. Infected phone's contacts are added to central list of Flubot text messages
5. Flubot can steal banking, contact amd personal info from infected device

If you click or tap on the link you will usually be taken to a screen where you will be asked to download an app for a purpose that relates to the text message. For example, if the text message was about a delivery the screen will likely show courier branding and a button or link which asks you to download an app to track the progress of your delivery.

Clicking the link may lead to a page which states that your device has already been infected with Flubot and that you need to install a security update to remove it. This is a tactic by the scammers designed to scare you into clicking the ‘install’ button. Clicking this infects your device with the Flubot malware.
Screenshot of Android, your device is infected with Flubot malware

These pages will often say that a window may appear preventing the installation, and that you should enable the installation via your devices settings. This is another trick to move you through the process and download the malware to your device.

Protect yourself

How to avoid your device from being infected

If you receive a message you suspect may be a scam, delete it immediately.

Do not click on links in text messages that contain a link with a series of random numbers and letters.

Do not call back the individual who sent the text. It’s unlikely that they are a scammer or criminal. Scammers can disguise their caller ID as legitimate numbers to carry out these scams. This is also known as spoofing.

Have you downloaded the Flubot malware?

Act immediately. If you’ve already clicked the link to download the application, your passwords are at risk from hackers.

  • Don't enter any passwords or log into any accounts until you have cleaned your device. If you need to check your online banking, use a different device.
  • Clean your device using the steps below to remove the malicious software.
  • Change your passwords and secure your information.
  • Contact your bank and ensure your accounts are secure.

If you have logged in to any accounts or apps using a password since downloading the app, you need to change your passwords. If you have used the same passwords for any other accounts, you also need to change those passwords.

Cleaning your device

Remove the malicious software from your Android device using these steps:

  1. Contact an IT professional
  2. Download official Android anti-virus software through the Google Play store
  3. Perform a factory reset of the device
  4. Use the 'Erase all Content and Settings' or 'Factory reset' features
  5. Don't restore from any backups created after you downloaded the app

Note: Performing the reset of your device will delete all of your data, including photos.

Learn more about Flubot scams and other relevant phone scams by reading this news item or at the ID Care website.

Have you been scammed?

If you think you have provided your account details or personal identification details to a scammer, contact your bank, financial institution, or other relevant agencies immediately.

We encourage you to report scams to the ACCC via the report a scam page. This helps us to warn people about current scams, monitor trends and disrupt scams where possible. Please include details of the scam contact you received, for example, SMS or screenshot.

We also provide guidance on protecting yourself from scams and where to get help.

Spread the word to your friends and family to protect them.

More information

Malware tricks you into installing software that allows scammers to access your files and track what you are doing, while ransomware demands payment to ‘unlock’ your computer or files.