Android users in the UK have been issued an urgent warning about their mobile phones.
It has come to light that a new scam has emerged, which attempts to steal bank details from people who use Android phones.
Members of the public are being sent messages containing links to tracking apps for delivery companies such as DHL – however, the links are actually directing victims to a fraudulent app.
Flubot, as the app is known, can take over devices and spy on phones to gather sensitive data, including online banking details.
It also has the ability to trawl through contact lists – allowing the scam to widen its reach, reports the Mirror.
Vodafone said millions of the text messages were already being sent, across all networks.
“We believe this current wave of Flubot malware SMS attacks will gain serious traction very quickly, and it’s something that needs awareness to stop the spread,” a spokesman said.
The company said anyone who has installed the app should reset their device to factory settings.
Customers should “be especially vigilant with this particular piece of malware”, he said, and be very careful about clicking on any links in a text message.
Other networks, including EE and Three, followed with warnings of their own.
The National Cyber Security Centre (NCSC) urged people not to click on unsolicited links.
“If users have clicked a malicious link it’s important not to panic – there are actionable steps they can take to protect their devices and their accounts,” a statement said.
“The seriousness of these malicious text messages is underlined by Vodafone making the decision to alert its customers,” said Ben Wood, chief analyst at CCS Insight.
“This has the potential to become a denial-of-service attack on mobile networks, given the clear risk that a rogue application can be installed on users’ smartphones and start spewing out endless text messages.
“The broader risk for users is a loss of highly sensitive personal data from their phones,” he added.
One version of the scam reported online pretends to be a text message from DHL, with a link to a website for parcel tracking.
If someone using an Android phone clicks on the link, they will be taken to a page “explaining” how to install the parcel tracking app using something called an APK.
APK files are a way of installing Android apps outside of the secure Google Play store.
By default, such applications will be blocked for security reasons, but the scam page includes instructions on how to bypass any restrictions.
That can be confusing, as there are some niche genuine cases for installing those kinds of apps – such as downloading the Fortnite video game, which was removed from the official app store amid a major legal row between its owner and Google.
Apple iPhone users are not affected as those phones cannot install Android APKs.
Kate Bevan, computing editor at consumer magazine Which? said people have to be “wary” of texts.
“If you’re not sure, contact the delivery company’s official customer service helpline,” she said.
“As ever, it’s important to make sure that your mobile phone is up to date with security patches. Consider also installing mobile security software from a trusted brand.”
A spokesman for industry body Mobile UK said users who receive a suspicious message should forward it to 7726 to report it – and then delete the message.
Action Fraud, the official anti-scams body, said suspicious text messages should be forwarded to 7726 where they can be investigated.
If your personal details have been compromised, alert your bank and phone provider immediately. It’s also important to change any passwords.
How to protect yourself
- Don’t assume anyone who’s sent you an email or text message – or has called your phone or left you a voicemail message – is who they say they are.
- If a phone call or voicemail, email or text message asks you to make a payment, log in to an online account or download an app, be cautious.
- If in doubt, check it’s genuine by contacting the company directly, using a web page or contact number you have sourced yourself.
- Never call numbers or follow links provided in suspicious emails; find the official website or customer support number using a separate browser and search engine.
Spot the warning signs
- The spelling, grammar, graphic design or image quality of the message is poor. They may use odd ‘spe11lings’ or ‘cApiTals’ in the email subject to fool your spam filter.
- If they know your email address but not your name, the message will begin with something like ‘To our valued customer’, or ‘Dear…’ followed by your email address.
- The website or email address doesn’t look right; authentic website addresses are usually short and don’t use irrelevant words or phrases. Businesses and organisations don’t use web-based addresses such as Gmail or Yahoo.