Thousands of Australians have been hit by a new scam text message known as Flubot, which aims to install malware on their phones.
Flubot is a type of malware targeting Android users, but iPhone users can also receive the messages. It tells the receiver they missed a call or have a new voicemail, providing a fake link to listen.
The link will take people to a website that looks like an official brand – in Australia it could be Telstra but in Europe it was parcel delivery companies. The page tells users to install software on the phone to hear the message.
If the user agrees, it then installs malware. If permissions are granted to the app, then the attackers will have access to credit card details, personal information, the ability to intercept SMS messages, open browser pages and capture other information held in the phone.
The malware also gives the attacker access to a user’s contact list, and potential new targets.
The aptly-named Flubot malware does not work on iPhones, and only works on Android phones that have enabled side-loading of apps – that is, apps installed on the phone from outside of the Google Play app store.
There are manual ways to remove the malware, but Telstra has advised customers a factory reset of the phone and restoring it to a version prior to the malware being installed may be the easiest option.
Flubot first hit Europe earlier this year before Australians began being spammed with it this month. The Australian Competition and Consumer Commission told Guardian Australia that since the first report on 4 August, its Scamwatch service has received over 3,700 reports of this particular scam.
Between 4 and 17 August Scamwatch received 413 reports per day for all SMS-related scams including Flubot, compared to 122 between 1 July and 3 August.
Telstra has begun directly alerting customers it believes might have been hit by the scam, but said it is difficult to block the scam on a network level because the link for the malware is constantly changing.
Telstra’s deputy chief information security officer, Clive Reeves, said last week the company was “working with the security community to address this scam” but advised people not to click on the links, and if they are a victim of an attack, change their passwords after restoring their device.
An Optus spokesperson said the company had begun contacting customers who were affected. The telco has also suggested McAfee antivirus software Wi-Fi Secure as an option to protect people who have their phones connected to home wi-fi.
A spokesperson for TPG – which owns the Vodafone Australia brand – said the company had blocked almost 14m scam SMS in the past week, including the Flubot scam.
“As scammers constantly morph their tactics, we continually update our filters and mechanisms to catch new scams,” the spokesperson said.
“Like all mobile network operators globally, we have been seeing increased activity from this particular scam, but we have blocked a high proportion of those messages.”
Scamwatch has advised people who have fallen victim to the scam should contact ReportCyber as well as Scamwatch, and can also contact IDCare if they have lost personal information.
The ACCC has been sharing intelligence on the scam with Australian telecommunications companies and also reporting to the Australian Cyber Security Centre.