• Aaron Yates

Flubot: An Important Alert Issued to Android Users

The Government’s National Cyber Security Centre (NCSC) and major mobile operators, including Vodafone, have issued a warning and guidance to Android device users.

The Android operating system powers many popular phones, including those by Samsung (e.g. Galaxy S21), Google (e.g. Pixel 4a), and Xiaomi (e.g. Mi 11). Built and maintained by Google, Android powers an estimated 2.5 billion smartphone and tablet devices globally.

The particular warning issued concerns a new variant of malware (malicious software) called “Flubot”.

Flubot is spread by SMS (Short Message Service, commonly called a text message). The recipient is informed that they have missed a parcel delivery, and to follow a link to download an App to track their parcel’s status. Following usual social engineering tactics, this SMS may be entirely plausible for the recipient, increasing the chance of the link being clicked.

If the recipient downloads the suggested App, there are two immediate consequences:

  1. the malware propagates itself by sending SMS from the recipient’s phone to all contacts in their phone book with the same phishing message, and

  2. the App will make a copy of all data on the smartphone or tablet device, and send the copy to the malware’s authors - e.g. photos, documents, etc. Put simply, a potentially severe breach of information security and data protection.

Note: this malware does not affect Apple iOS or iPad OS devices. They are, however, prone to other threats.

What you should do now

For Flubot to infect your Android device, the App must be installed. This app is not provided through Google’s Play store. If any App ever asks to be installed outside of the Play Store, you should immediately cease the process.

If you use an Android device, always ensure you:

  • have all software updates installed,

  • have anti-malware software installed and up to date, and

  • have a backup of your important files.

To reduce the likelihood of becoming a victim of a phishing attack, always immediately distrust any message you receive on a computer. If in doubt, delete the message - do not respond to it, or click any links.

The NCSC has issued further guidance, which we recommend should be read by all Android device users: https://www.ncsc.gov.uk/guidance/flubot-guidance-for-text-message-scam