A piece of malware that has the capacity to allow criminals steal personal data including financial information from Android phones is circulating in Ireland, the National Cyber Security Centre (NCSC) has warned.
In an alert the NCSC said it had received reports of a spyware software known as FluBot affecting Android users in Ireland.
It is been circulating around Europe for several weeks and has the potential to impact customers of all phone networks in Ireland.
*PUBLIC SERVICE ANNOUNCEMENT*
— Vodafone Ireland (@VodafoneIreland) June 2, 2021
We are aware of a sophisticated scam SMS called Flubot, which is now circulating in Ireland. We'd like to warn our customers to take the following actions if they receive an SMS from a company they do not recognise regarding tracking of a package
The malware is “used by malicious parties to steal passwords and sensitive data from the victims’ mobile device,” the warning says.
“It will access victims’ contacts and spread the malicious application through further text messages.”
The rogue messages typically contain a link for the victim to click on to get details of a missed package delivery.
The link will direct the victim to a fake website replicating the legitimate delivery company’s site. The victim will then be asked to download two .apk files which are banking trojans.
Users will also be prompted to manually override and allow an untrusted app download.
Apple devices are not currently affected by this malware, the NCSC said. However, Apple users may still get the text messages and may be directed to scam websites which may attempt to steal personal information.
The NCSC added that anyone who gets such a message should delete it without following any links. Anyone expecting a delivery should check it through the company’s official website.
People who have already clicked on the link and installed the app will have to perform a factory reset on the device.
If they have an online banking app on their phone they will also need to contact their financial institution urgently and ask for guidance on what to do next.
Any passwords that are stored on the phone – including those referenced in SMS messages – will also have to be changed.
However, those who have received the message but do not download the files will not have their phone compromised and should just delete the message without delay.
When restoring backups people should not restore from any backups created after the malicious app was installed as these will be infected.
Users of Android phones and devices, such as those manufactured by Samsung, Huawei and Google, are most at risk from the scam.
The National Cyber Security Centre in Britain and a number of mobile operators there have issued warnings over the scam, which has the potential to become a denial-of-service attack on mobile networks, given the clear risk that a rogue application can be installed on users’ smartphones and start spewing out endless text messages.