Mobile network operators and security researchers worldwide have issued warnings regarding an SMS scam infecting users with the dangerous Flubot malware. Once installed, Flubot can take over a device, spy on the owner, steal data, and more.

Flubot Epidemic Spreading Across UK

The United Kingdom is the latest country to report a surge in Flubot malware cases.

The malware is spread using scam text messages that appear to come from a trusted source, such as a delivery company or similar. Unlike previous SMS scams, these messages don't contain a phishing link. Instead, each SMS contains a fake URL that, when opened, attempts to install the Flubot malware on the smartphone.

On an Android device, the user is taken to a page advising on installing an app of some sort, usually a special package tracking tool for a parcel or similar. However, the app is fake and contains Flubot malware.

As part of the instructions, Android users are asked to switch off their regular device protection. The default security settings on Android devices stop anyone from installing apps outside the official Google Play app store to protect against such threats.

Related: Love Online Shopping? The Postal Scams You Should Avoid

Once this security setting is switched off, the user downloads and installs the malicious app (using an APK, an Android app installation package), which grants the attacker access to their device, personal data, and more.

So, why is the Flubot considered such an issue?

After gaining access to the victim's device, Flubot can message everyone on the device contact list, spreading the malware fire and wide with relative ease. Given the scope of most people's contact list—family, friends, relatives, elderly grandparents, kids—it's easy to see how quickly Flubot can spread.

At the time of writing, there are thousands of confirmed Flubot infections in the UK. There are also significant numbers in Spain, Poland, and Germany, with other countries showing increasing infection rates.

Is There a Vaccine for the Flubot Malware?

SMS scams that use delivery services as a cover work exceptionally well. More people shop online than ever before, especially since the start of the COVID-19 pandemic. Quite often, we are waiting for an update from a delivery service or courier, informing us as to where our precious goods are.

Related: Watch Out For These COVID-19 Cyber Scams

Factor in that Flubot guides users through the process of disabling smartphone devices, and you have a very difficult to stop malware issue for those who don't realize what they're up against.

The best advice you can give anyone regarding SMS scams and fake messages is never to click the links. Of course, that's easier said than done, but if you repeat the mantra to friends, family, and relatives, it'll get through to some.