Flubot Malware arrives on Android phones in Australia – and Telstra is on the case

The unending battle against scammers and malware continues, with Telstra today publishing details of a new piece of malware called FluBot.

The issue is affecting Android users globally, with the FluBot first showing up in Europe and more recently here in Australia. The malware is spreading via a poorly worded SMS which mentions either a missed call, or voice mail and offers a shortened link which links to a legit looking web page which prompts users to install an app. 

The malware is isntalled as an app, relying on users having enabled the ‘Install from Unknown Sources’ option in settings. This setting allows unsigned APKs (Android apps) to be installed from sources which aren’t Google Play.

Once you’re infected FluBot then has access to your personal information, including banking details and your contact list which allows the malware to propogate. According to Telstra, Flubot is sending itself to random phone numbers as well as contacts from your contacts list.

The issue is fairly wide-spread affecting a large number of customers, with a number of EFTM readers advising on the ManCave group that they too have received the SMS’ as well.

Telstra has advised of a couple of ways you can tell if you’ve been infected with FluBot, advising:

• In your apps is a new app called “Voicemail” with a blue cassette in a yellow envelope. If you try to uninstall you receive an error message “You can not perform this action on a system service.”
• You receive text messages or telephone calls from people complaining about messages you sent them but you did not know about the messages.
• Telstra may detect you sending very high volumes of messages and send you an SMS, saying: “Your phone is sending many SMS and may be infected with malware/virus. Please remove the malware app or we may suspend your ability to send SMS. Search FLUBOT on Telstra website or call us for help.”

If you have been infected by FluBot, there’s steps you can take including checking out security sites ESET and FSecure for details on how to remove it or you can of course always just factory reset the phone, however you should be careful restoring any backups unless they’re older than the date your phone was infected. 

It’s a timely reminder that leaving the Install from Unknown Sources option checked is a bad idea, and having some antivirus software on your phone definitely can’t hurt.

Telstra is continuing to work with security researchers, but if you do see one of these messages delete it and do not click the link.