Android users warned over Flubot delivery app scam that can collect bank details
Android users are being warned about a new scam that could be attempting to steal their banking details.
It’s emerged that Android users in the UK have been sent messages and notifications containing links that appear as if they will divert them to tracking apps for delivery companies like DHL.
Advertisement
Hide AdAdvertisement
Hide AdHowever, clicking on the links provided takes them to Flubot, a fraudulent app that can take over devices and spy on phones to gather sensitive data.
According to the Mirror, the app also has the ability to trawl contacts lists, sending on similar dud notifications to your friends and widening its net for more victims.
Vodafone has made details of the scam public to its users and on social media, a move that reflects the “seriousness of these malicious text messages” said Ben Wood, chief analyst at CCS Insight.
"We believe this current wave of Flubot malware SMS attacks will gain serious traction very quickly, and it's something that needs awareness to stop the spread," a Vodafone spokesperson told the Mirror.
Advertisement
Hide AdAdvertisement
Hide AdHow does the scam work?
One version of the scam reportedly pretends to be a text message from DHL, with a link to a website for parcel tracking.
But clicking on the link with an Android device will take the user to a page that explains how to install said app with an APK, a type of file that allows users to install apps not approved for listing on Google’s secure Play store.
In reality, the APK isn’t for DHL parcel tracking at all, but instead for Flubot.
APK files are blocked from being installed for security reasons by default, but enabling them is a simple trick, and the scam page even includes instructions on how to do so.
Advertisement
Hide AdAdvertisement
Hide AdAPK files aren’t bad in and of themselves, and there are many genuine reasons as to why you would want to install one. However, this is not one of them.