hackers trick unsuspecting Android phone users by impersonating well-known delivery services such as FedEx or DHL and send SMS messages leading them to download a malicious app containing the FluBot malware. Text messages include “FEDEX Your package is arriving, track here” and another stating a delivery date and a link to “follow the journey.”
What’s worse, the app that contains the malware seems credible due to the threat actors using the official delivery service’s logo and believable APK files. If users download the app, they would still need to allow full access for the malware to work, including allowing notification access.
The FluBot malware can steal private information using display overlays, including credit card details and banking credentials, while also acting as an SMS spammer. it also “sends the victim’s contact list and retrieves an SMS phishing message and number to continue its spread using the victim’s device.”
tens of thousands of malicious SMS messages can be sent at an hourly rate, making it easy to spread to other Android users around the world.
The phishing scam doesn’t appear to be affecting those with iPhone, but all smartphone users should beware of sketchy text messages from delivery companies. Stay away from links sent via text message from “official” companies. If you are expecting a package and receive a well-timed text, it’s better to head to the delivery service’s official website and track your package from there.
There are plenty of ways to keep your private information safe from prying eyes. If you’re getting sick of spam calls, iPhone and Android phones can permanently stop spam calls. Plus, Windows 10 has a secret anti-ransomware feature that you should switch on, and you can check if your email addresses have been involved in data breaches using Have I Been Pwned?.