A new malware variant has been identified which can send MMS rather than SMS from infected devices. Customers with potentially infected devices should follow the same process as FluBot to remove the malware as per the information below from the NCSC.
Flubot malware is malicious software that is installed when a victim receives a text message and follows a link, asking them to install a tracking app. This could be informing them of a "new voicemail" received or a ‘missed package delivery’. The tracking app is in fact spyware that steals passwords and other sensitive data and then also sends out multiple text messages to further pass on the malware.
We will be sending text messages to customers that we have identified as being impacted by this scam, the text messages will link to this community article and we have including the contents of the text below so that you know it is genuine.
How can I spot this particular scam
Victims receive a text message, with a link asking them to install an app either for a new voicemail or a ‘missed package delivery’. See examples below for each of these, however, the message and app/link may vary and reference any company.
What happens to my phone if I install Flubot Malware?
The Flubot malware impersonates other apps on a victim’s phone to steal their banking credentials and other private information. It will also access contact details and send out additional text messages – further spreading the spyware. It can eavesdrop on incoming notifications, read and write SMS’, make calls, and transmit the victims’ entire contact list back to its control centre.
If you receive a scam text message:
- Do NOT click the link in the message, and do not install any apps if prompted.
- Forward the message to 7726, a free spam-reporting service provided by phone operators.
- Delete the message.
If you have already clicked the link to download the [Flubot] application:
The NCSC (National Cyber Security Centre) have released guidance on what to do if you receive a Flubot SMS. You can find out more from the NCSC HERE.
How to protect yourself
You must clean your device, as your passwords and online accounts are now at risk from hackers.
- DO NOT enter your password, or log into any accounts until you have followed the below steps.
- To remove any Malware from your device you should
Perform a factory reset as soon as possible. The process for doing this will vary based on the device manufacturer, and guidance can be found here.
Note that if you don't have backups enabled, you will lose data. - Protect any online accounts
If you have logged in to any accounts or apps using a password since downloading the app, that account password needs to be changed. - If you have used these same passwords for any other accounts, then these also need to be changed.
To protect yourself from future scams like this, you should
- Back up your device to ensure that you don't lose important information like photos and documents. The CyberAware campaign explains how to do this.
- Only install new apps onto your device from the app store that your manufacturer recommends. For example, most Android devices use Google's Play Store. Some manufacturers, such as Huawei, provide their own app store.
- For Android devices, make sure that Google's Play Protect service is enabled if your device supports it. Some Huawei devices provide a similar tool to scan devices for viruses. This will ensure that any malware on your device can be detected and removed.
- On Android devices you can use a messaging app such as Google messages which offers spam protection. There are also third party security solutions available on Google Play Store which will filter incoming spam SMS.
- You can use a browser which is protected by technology to warn you when you are visiting a known dangerous site. Google Chrome, Firefox and certain other browsers are protected by Google Safebrowsing technology that displays a warning if you browse to a known Flubot site.
Hi all,
Another one below. Watch out everyone. HSBC have a good page on the text they send. I have forwarded it EE.
