Since August 2021, many Australians have been receiving scam text messages about missed calls, voicemails, deliveries and photo uploads. The text messages ask you to tap on a link to download or access something. Doing so will download a specific type of malware to your device. These are ‘Flubot’ text messages.
What is Flubot?
Flubot is malicious software (malware) that sends text messages to both Androids and iPhones. There are a large number of different types of Flubot text messages and scammers are updating them all the time. We strongly recommend that you never click on the links in these messages. It is best to delete them immediately.
Android phones are more at risk, as we outline below.
The content of the text messages varies but they all contain a link containing 5-9 random numbers. They will often ask you to download an app to track or organise a time for a delivery, hear a voicemail message, or view photos that have been uploaded.
However, there is no delivery, voicemail, or photos uploaded and the app is actually malware called Flubot. If you have an Android device, typically the application downloaded is called Voicemail71.apk, Update42.apk’ or DHL34.apk. This application is malware.
The application may be able to:
- read your text messages
- send text messages from your phone
- make phone calls from your number
- access your contacts
Installing the software is likely to give scammers access to your passwords and accounts. They may be able to use this information to steal your money or personal information.
It will also ask other infected Australian phones to send Flubot messages to the numbers it steals from your phone, continuing and expanding the scam. So, if you called the person that sent you the message, it would be another victim of the scam whose device was infected.
We note that Apple devices cannot be infected with Flubot but will likely be infected with other malware if you click on these links.
How does Flubot work?
Flubot text messages are sent with a link which almost always contains a series of 5-9 random letters and numbers at the end. Here's a list of what typically occurs:
If you click or tap on the link you will usually be taken to a screen where you will be asked to download an app for a purpose that relates to the text message. For example, if the text message was about a delivery the screen will likely show courier branding and a button or link which asks you to download an app to track the progress of your delivery.
These pages will often say that a window may appear preventing the installation, and that you should enable the installation via your devices settings. This is another trick to move you through the process and download the malware to your device.
How to avoid your device from being infected
If you receive a message you suspect may be a scam, delete it immediately.
Have you downloaded the Flubot malware?
Act immediately. If you’ve already clicked the link to download the application, your passwords are at risk from hackers.
If you have logged in to any accounts or apps using a password since downloading the app, you need to change your passwords. If you have used the same passwords for any other accounts, you also need to change those passwords.
Cleaning your device
Remove the malicious software from your Android device using these steps:
Note: Performing the reset of your device will delete all of your data, including photos.
Have you been scammed?
If you think you have provided your account details or personal identification details to a scammer, contact your bank, financial institution, or other relevant agencies immediately.
We encourage you to report scams to the ACCC via the report a scam page. This helps us to warn people about current scams, monitor trends and disrupt scams where possible. Please include details of the scam contact you received, for example, SMS or screenshot.
Spread the word to your friends and family to protect them.