26-04-2021 04:44 PM - last edited on 29-04-2022 03:51 PM by Leanne_T
A new malware variant has been identified which can send MMS rather than SMS from infected devices. Customers with potentially infected devices should follow the same process as FluBot to remove the malware as per the information below from the NCSC.
Flubot malware is malicious software that is installed when a victim receives a text message and follows a link, asking them to install a tracking app. This could be informing them of a "new voicemail" received or a ‘missed package delivery’. The tracking app is in fact spyware that steals passwords and other sensitive data and then also sends out multiple text messages to further pass on the malware.
We will be sending text messages to customers that we have identified as being impacted by this scam, the text messages will link to this community article and we have including the contents of the text below so that you know it is genuine.
Victims receive a text message, with a link asking them to install an app either for a new voicemail or a ‘missed package delivery’. See examples below for each of these, however, the message and app/link may vary and reference any company.
The Flubot malware impersonates other apps on a victim’s phone to steal their banking credentials and other private information. It will also access contact details and send out additional text messages – further spreading the spyware. It can eavesdrop on incoming notifications, read and write SMS’, make calls, and transmit the victims’ entire contact list back to its control centre.
If you receive a scam text message:
If you have already clicked the link to download the [Flubot] application:
The NCSC (National Cyber Security Centre) have released guidance on what to do if you receive a Flubot SMS. You can find out more from the NCSC HERE.
You must clean your device, as your passwords and online accounts are now at risk from hackers.
26-04-2021 06:01 PM
Hi,
There is the same text going around for Hermes. Watch out.
Thanks
26-04-2021 07:27 PM
I had 3 of these messages in the last 48 hours
27-04-2021 07:47 AM
Hi @bordeline.
I'd recommend forwarding these messages to 7726 so they can be investigated further.
Please don't open any links that may be in the messages.
Jon
27-04-2021 06:11 PM
Hi all,
Another one below. Watch out everyone. HSBC have a good page on the text they send. I have forwarded it EE.
02-05-2021 12:04 AM
Thanks for the Info
02-05-2021 05:28 PM
I have had 3 of these in the last 2 days. 1 DHL, 1 HSBC and ASDA too. Reported all numbers
03-05-2021 08:28 AM
03-05-2021 11:34 AM
Really this is nothing new.
= Scam. Doesn't matter what the virus is called.
04-05-2021 04:34 PM