Warning about major Android “package delivery” scams


Android logo on the phone screen in landscape mode, placed on an elaborate metal table illuminated by golden light

Android logo on the phone screen in landscape mode, placed on an elaborate metal table illuminated by golden light

Experts warn that text message scams that infect Android phones are widespread throughout the UK.

This message pretends to be from a courier company and prompts users to install a tracking app, but it’s actually malicious spyware.

Called Flubot, you can hijack your device to spy on your phone and collect sensitive data such as online banking details.

Network operator Vodafone said millions of text messages have already been sent across all networks.

“We believe this current wave of Flubot malware SMS attacks will soon gain serious momentum, which requires awareness to stop its spread,” said a spokesman.

Customers need to be “specially aware of this particular malware” and be very careful when clicking links in text messages.

“If you’re not sure, the best advice is to ignore, report, and remove,” he added.

Other networks, Including EE And three, Followed by its own warning.

The malware also has the ability to send more text messages to infected users’ contacts to help spread them.

“The seriousness of these malicious text messages is highlighted by Vodafone’s decision to warn its customers,” said Benwood, chief analyst at CCS Insights.

“This can be a denial of service attack on mobile networks, given the obvious risk that malicious applications could be installed on the user’s smartphone and start spitting out endless text messages.

“The broader risk for users is the loss of sensitive personal data from mobile phones,” he added.

Text message scams that claim to be about a parcel delivery company are common, but they are primarily focused on phishing-trying to trick users into filling out forms with bank details and other information. I will.

This latest wave is different because it tries to install malicious software on the phone itself, and because of the scale of its spread.

One version of the scam reported online is pretending to be a text message from DHL containing a link to a website for tracking parcels.

When a person using an Android phone clicks on the link, they are taken to a “explain” page on how to install the parcel tracking app using what is called an APK.

APK files are a way to install Android apps outside the secure Google Play store. By default, such applications are blocked for security reasons, but the fraud page contains instructions on how to allow the installation.

This is because there are some niche real cases for installing this kind of app, such as downloading a Fortnite video game that was removed from the official app store in a big legal dispute between the owner and Google. Can be confusing.

Apple iPhone users will not be affected as they cannot install the Android APK.

In a blog post detailing the scam, security researcher Paul Morrison wrote that he expects “the success rate to be low” because of the hurdles involved.

But he says: “Given the number of SMS sent, a success rate of only 0.1% can be very beneficial.”

Flubot malware has spread to other countries in recent months, especially Spain, Germany and Poland.

“We are actively coordinating with the National Cyber ​​Security Center (NCSC) to minimize potential damage,” said Mobile UK, an industry group.

A spokesman said that a user who receives a suspicious message should forward it to the 7726, report it, and delete the message.