Reports of widespread spread of the "FluBot" spyware, sent via text messages that appear to be a missed package delivery, are affecting Android phones and devices.

The 'FluBot' spyware is installed when you follow the instructions in a text message prompting you to install a tracking app due to a "missed package delivery". The tracking app is the spyware that steals passwords and other sensitive information. It will also access contact information and send out additional text messages, which means that the spyware will spread further.

The text message contains a link that the victim is asked to click on. The link leads to a scam website.

Recommendations

  • Do not click on the link.
  • Do not install apps if prompted via text messages.
  • Be extra watchful. If you are expecting a parcel delivery, it is better to go to the company's official website and track the delivery. Do not use the link in the fraud message.
  • Delete the message.

If you have already clicked and downloaded the app

The spyware must be cleaned away from the device. If it is a company mobile, you should first check with IT Services how the device should be handled, but do not enter any passwords or log in to services or accounts via the device until it has been cleaned.

The cleaning is performed with the following steps:

  • Perform a factory reset of the device.
  • If you are going to set up the device after the restore by restoring from a backup, you should not restore from backups created after downloading the app. The device then risks becoming infected again.
  • Change the password for the accounts you logged in to after your device became infected.