Flubot: The strange ‘missed call’ SMS affecting millions of Australians

Share:

Share on facebook
Share on twitter
Share on linkedin

If you’ve been receiving some strange SMS messages mentioning a missed call or voicemail recently, you’re not alone. You may have caught the Flubot, which spreads via SMS and can infect insecure Android phones.

Key takeaways

  • Flubot is a malware if you click a malicious link in a SMS message
  • It is affecting many people throughout Australia and has been doing the rounds in Europe for some time
  • There are ways to know if you have been infected (read our article below for more!)
  • If affected, you may need to do a factory reset to really do away with the ransomware.


What is Flubot?

FluBot is malware that can be installed on your Android device if you click on a malicious link in a SMS message.

This malware then sends many similar text messages to other people from your phone without your knowledge, potentially infecting them.

Telcos in Australia have identified a large number of handsets which have been potentially infected.

If installed, the malware has wide access and can harvest a contact list to further spread, as well as accessing personal information and banking details if you used it while infected. If infected, you should urgently remove the malware and change all your passwords, using another device that is not infected.

The Flubot malware has started to appear in Australia after circulating around Europe for some time.

How do phones get infected?

You may receive an SMS from another mobile telephone number with a message like

“a1bcd2 Voicemail: You have 1 new Voicemail(s). Go to [link]”

If you click on the link, you will be taken to a web page displaying a trusted brand and prompted to install an app, for example to listen to the voicemail message. If you give permission to install, then the Flubot malware will be loaded on your device.

Flubot is a sophisticated piece of malware because it spreads by sending SMS messages to random mobile numbers, as well as mobile numbers scraped from a compromised Android device’s contact list. Each time it does this it creates a new, unique link, making it difficult to block at a network level. This is why telcos in Australia have been unable to block the malware to date.

These messages are also being sent from infected devices all across the world that have fallen victim to the malware.

To have your mobile phone compromised by the Flubot malware, you would have to click on the link and visit the malicious website in the SMS you receive. It will only affect Android phones that have previously enabled the ‘side-loading’ of applications onto the device (which means the device is configured to permit the installation of software from less trustworthy locations than the Google Play Store) – so unless you’ve done this, you can rest easy.

How to know you are infected

If your device is infected with Flubot, you will not know if your personal data is being accessed, and you will not be able to see your handset sending SMSes to infect others.

The following are warning signs:

  • In your apps is a new app called “Voicemail” with a blue cassette in a yellow envelope. If you try to uninstall you receive an error message “You can not perform this action on a system service.”
  • You receive text messages or telephone calls from people complaining about messages you sent them but you did not know about the messages.
  • Telstra or another telco may detect you sending very high volumes of messages and send you an SMS, saying: “Your phone is sending many SMSes and may be infected with malware/virus. Please remove the malware app or we may suspend your ability to send SMS. Search FLUBOT on Telstra website or call us for help.”

What should one do if infected

Importantly, just because you’ve received the above text message does not mean that your phone is already affected. If you’ve just received one of these messages, do not open the link and you’ll remain protected.

If you have clicked on the link and downloaded the software, chances are your device is now infected.

Most popular anti-virus applications for Android phones will detect Flubot to prevent infection, as well as clean up a currently infected device. Some information on how to remove Flubot from an Android device is available from security researchers at ESET and F-Secure.

However, the instructions can be very technical.

If this is challenging, you can also do a factory reset on your phone, which erases the malware.

Performing a “restore” of any recent backup may restore the malware if a backup was done while the malware was installed, so it’s important that you use a back up that is dated earlier.

After you’ve removed the malware, we advise changing passwords as a precaution.

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.