Flubot, a dangerous virus targeting Android devices, is circulating again. This virus can take full control of your device and cause a high phone bill. Like most similar threats, Flubot spreads primarily via SMS/MMS. We currently see different methods in use, all with a similar goal: persuading you to install a malicious app. At the moment, the SMS/MMS messages ask you to install a voicemail app. Do not click on the link in a suspicious message and do not download any apps if you are asked to. Only install applications from a standard application store (Google Play Store, App Store). If you receive a message during the installation of an app that prevents the installation or warns about safety, do not proceed.
Did you get this message? Don't click on the link!
- Don't click on the link in the message.
- If you click on the link, it asks you to download an app. Do not do this under any circumstances. If you do, a virus is installed on your device that can access your personal data such as passwords, bank card details and your entire contact list. The virus uses your number to send messages to your contacts and also other mobile phone numbers.
- Please forward a screenshot of the message to firstname.lastname@example.org. We will get the links in the message blocked.
- Delete the message
How can you tell if you have installed the app?
- A new app appears among your other apps.
- You cannot delete this app.
Did you install the app? Remove the virus.
Do not enter your password or log into an account until you have tried one of these solutions.
Choose whichever of these two methods seems easiest for you. If you have any difficulties, ask for help from someone who is good with smartphones.
Method 1: Reset your device to factory settings
- Turn on airplane mode on your smartphone.
- Reset your device to factory settings. The process for doing this varies depending on the manufacturer of the device. Please note that if you do not have backups enabled, you will lose your data.
- Restore your data with your backup. Note that the backup must have been made before you installed the app and the virus.
- Your apps need to be downloaded again from the app store.
Method 2: Reboot your device in "safe mode" and remove the fake app
- Reboot or start the device and choose 'safe boot' or 'safe restart'. The way to do this varies from device to device. Sometimes, for example, you have to hold down the volume button at the same time as the power button. If necessary, look up how this is done for your device (make, type, version).
- Your device is now in 'safe mode'. You will see this displayed somewhere on the screen.
- Now go to 'settings', 'apps'.
- Select the fake app and uninstall it.
- Turn off your device again and reboot in normal mode.
- Change all passwords of your accounts that you can access with your smartphone.
- A text message may have been sent to all your contacts in your name. Notify your contacts as soon as possible.
- If messages have been sent to your contacts from your number, you may not notice it immediately. You can see on your phone bill that mass messages have been sent, though. Contact your operator if you notice this on your bill. Misuse of your number will only stop once you have deleted the app.
How to protect yourself against future scams like this one
- Always think twice before clicking a link in a message. Chances are you'll be getting more smishing and phishing messages in the name of other courier services in the near future.
- Activate a spam filter on your device.
- Install a virus scanner on your device.
- Block suspicious numbers.
- Only install apps from a standard app store (Google Play Store, App Store). If you get a message during the installation of an app that prevents the installation or warns about safety, definitely do not proceed.
- For Android devices, make sure that Google Play Protect is enabled if your device supports it.