/ Scams

How the ‘FluBot’ spyware is getting onto Android devices

Have you heard of ‘FluBot’? The spyware is spreading among Android devices and could steal your passwords. Here’s how it works.

An app known as ‘FluBot’ is being sent to mobile devices in a text message fraudulently posing as being from courier DHL – it says you have a parcel out for delivery and includes a link that invites you to track the delivery by downloading a fake tracking app.

But the app is actually malware/spyware that could steal your passwords.

Spyware is malicious software that can access data on your phone. Sometimes it might trick you into entering sensitive information such as passwords by prompting you with fake login pages. These details can be used to access accounts and target you and your contacts with further scams.

The way spyware is distributed is constantly evolving to use different links, and masking the messages’ origins with different mobile numbers.

Make Which? aware of a scam with our Scams Sharer tool

Tricky to uninstall

A recent FluBot victim, Connor from Birmingham, told us he was expecting a delivery from DHL and decided to download the app to track it as he was worried he might not be at home to receive it. 

Something about the app he downloaded through the link in the text didn’t look right to him, and it didn’t seem to work. But when he tried to uninstall it he couldn’t. After searching online, he discovered he had unknowingly installed spyware.

He planned to deal with it later by resetting his phone, but the following morning he received several notifications from Google warning him that someone had tried to log into his Gmail account from a new device, apparently located in Perth, Australia.

He eventually contacted Samsung, which he said was helpful and reassuring. He was able to back up all the contacts, photos and files on his phone. But he told us it was a pain to set up his phone and banking app logins again from scratch – it took several days for his phone to be back to normal. 

Another victim told us they received the following text message days after browsing a website called Euro Car Parts. They were confused and tempted to click through. This was likely a coincidence, but often this is how these text messages are successful. 

Scammers are including large retailers in the messages that they know use certain couriers. It makes more sense to victims if they expect their ASOS delivery is coming via Hermes, for example.

We made DHL aware of the fraudulent texts but it hasn’t got back to us yet. We’ll publish any response here when it does.

How to protect yourself from FluBot

⚠ Don’t click on any links you receive in text messages, however legitimate they might look. If you’re invited to track a package, or update details in an account, visit the official website and log in that way.

⚠ Keep on top of the latest software updates. They help protect your phone from the latest security threats. If your smartphone or tablet is an older model and no longer supports software updates, it will be more vulnerable to spyware and malware attacks. Consider upgrading if you can. Find out whether your phone might be more at risk.

How to get rid of FluBot

We’ve heard from lots of affected people that it’s impossible to simply uninstall this spyware. A full system reset should work, but you might want to back up your data first so you don’t lose it. However, don’t restore the phone from the backup – do a completely fresh install with a factor reset, then download your apps and files again. It’s a nuisance, but it’s safer. You can also:

Contact your phone manufacturer’s customer support for help. We’ve heard mobile phone manufacturers have been very supportive. They will guide you through removing spyware from your phone completely free of charge. 

Beware of opportunists who claim they can remove spyware for a price – there’s a chance they could also be scammers trying to access your phone.

Change your passwords for your online banking accounts, email and any other sensitive accounts or apps you might have on your phone.

If you’re targeted by nuisance messages and phone calls, consider changing your mobile number. It’s a bit of a hassle but an effective final resort.

Have you been affected by malware/spyware?

Companies shouldn’t be including any links in text communications. All the information should be in the message. But many still do, and it’s confusing for customers and leaves them open to impersonation by fraudsters.

Guide: how to spot a scam

Guide: how to get your money back after a scam

Which? is currently working to advise banks, organisations and retailers on how to safely communicate with customers via text message. 

Have you received this fake message or ended up with spyware on your phone?

Comments
Dean says:
17 May 2021

This is why it’s so important to only download from the Google play store and not from other sites or links.

Hi all we receive parcel delivery information at least 3 times daily, D.H.L -SWL-HERMES-OPTICIANS -DENTAL- ROYAL MAIL-AND A PHONE NUMBER,07507329260 WANTING ME TO DOWNLOAD A QUESTIONAIRE FORM-HTTPS://TINYURL.COM/YFDFYUR7 COVID 19 CHECK I GET SO MANY NOW JUST IGNORE ALL OF THEM AND PHONE NUMBER I DONT RECOGNISE,ONE JUST COME 07367275797

last Friday my bank stopped fraud on my account, some agency for £27.00 someone had cloned or sold info on my card got a new card now (grateful )how secure are cards that you can place money on too to just pay with that card?? hope I’ve explained it OK

LEONARD WHITTLE says:
28 June 2021

Vodafone cut of my phone line. I cannot complain.