Posted: April 28, 2021 by Pieter Arntz

Using a proven method of text messages about missed deliveries, an old player on the Android malware stage has returned for an encore. This time it seems to be very active, especially in the UK where Android users are being targeted by text messages containing a link to a particularly nasty piece of spyware called Flubot.

Warning from the National Cyber Security Centre

On its website, the National Cyber Security Centre (NCSC) warns about the spyware that is installed after a victim receives a text message that asks them to install a tracking app, because of a missed package delivery. The tracking app is in fact spyware that steals passwords and other sensitive data. It will also access contact details and send out additional text messages in order to further the spread of the spyware.

Network providers join in

Apparently, the problem is so massive that even network providers have noticed the problem and some of them, including Three and Vodafone have also issued warnings to users over the text message attacks.

Three urges victims that have installed the spyware:

You should be advised that your contacts, SMS messages and online banking details (if present) may have been accessed and that these may now be under the control of the fraudster.

It goes on to tell victims that a factory reset is needed or you will run the risk of exposure to a fraudster accessing your personal data.

Branding of the text messages

Most of the reported messages pretend to be coming from DHL.

example of a smishing message
DHL example

But users have also reported Royal Mail and Amazon as the “senders.” Readers should be aware that it isn’t enough to simply watch out for messages from one or two senders though. If the campaign proves successful for the criminals running it, it will evolve and change over time and they will likely try other tactics.

History of Flubot

These types of smishing (SMS phishing) attacks are on the rise the last few years. Previously, Flubot has been noticed operating a fake FedEx website targeting Android users in Germany, Poland, and Hungary in basically the same way. By sending text messages with a parcel tracking URL that led to malware downloads. Initially they operated in Spain (with Correos Express as the sender), until some arrests were made there which slowed the operation down for a while. It would not come as a surprise if the continued success will lead the Flubot operators to target the US next.

Infection details

Malwarebytes for Android detects the several Flubot variants as Android/Trojan.Bank.Acecard, Android/Trojan.BankBot, or Android/Trojan.Spy.Agent.

As we pointed out the initial attack vector is a text message with a link that downloads the malware. The package names often include com.tencent and have the delivery service’s logo as the icon. During the install the malware will show you misleading prompts to get installed and acquire the permissions it needs to perform the actions it needs. These permissions allow it to:

  • Send messages to your contacts
  • Act as spyware and steal information

Depending on the variant, Flubot can also:

Don’t click!

Unless you know exactly what to look for to determine whether a message is actually coming from the claimed sender, it is better not to click on links in unsolicited text messages. Which is always solid advice, but when you are actually expecting a parcel, the message may not count as unsolicited in your mind.

Our first impulse is often to click and find out what’s up. At the very least, we should stop and ask if the message and the URL stand up to scrutiny. If you think the message is genuine, it is still best not to click on the link, but instead search for the vendor’s website and look for its parcel tracker.

If you did not click the link, simply remove the message from your device so you do not click it by accident in the future.

If you have clicked the link but then stopped because you were suspicious of the fact that it initiated a download, well done. You stopped in time.

If you did download the malware, scan your device with a legitimate Android anti-malware app. If it can’t disinfect your phone, you will need to perform a factory reset to remove it. If you do this, there is a possibility you will lose more than just the malware, unless you have made backups.

You should also change any passwords you stored on the device, and any you entered on the device after the infection began, because they may have been compromised by the spyware.

Finally, if you used the device for online banking, check your bank balances and contact your bank so that they can stop or correct any fraud that results.

Stay safe, everyone!

Why are Small Businesses Targeted by Hackers

Although it’s cyber attacks on giants like Target and Chase Bank that make the news, small businesses are actually more often the victims of hacks. You would think that there would be less valuable information to steal, not really making them worth going after. So why are small businesses targeted by hackers? In reality, small businesses make much better targets because they often have outdated cyber security, don’t have the resources to pursue the thieves, and the information to steal is still very much worth the effort.

Easier to Hack

Thieves often go for the easiest target, and hackers are no exception. Small businesses usually have outdated technology and weak cyber security. By going after an easy target, hackers are more likely to be successful in their attack and gain access to valuable the information that small businesses have. Client social security numbers, financial information, and even client lists can be easily sold on the black market.

Less Resources to Fight Back

Attacking a large, wealthy company means a higher risk of being caught and prosecuted. Small businesses are often so devastated by the hack that they hardly have the time or resources to track down the perpetrators and seek restitution.

Large companies not only have the money and legal teams to go after hackers, but law enforcement devotes more resources to large hacks on powerful victims as well. Small businesses are not nearly as capable of fighting back as the big guys.

The Less Media Attention, the Better

How many criminals have you heard of that want to attract attention to themselves? A good thief is one you never know was there. The more attention a hack attracts, the more risk of the thief getting discovered. The hack of a small business with a small amount of data stolen is not likely to attract a ton of media and law enforcement attention. The small business may not even know it was stolen! The smaller the target, the less unwanted attention on the hacker.

Protect your Small Business from a Devastating Hack

The hard truth about hacks on small businesses is that they can be devastating to business owners and easy for hackers to perpetrate. Many company simply cannot recover from huge data losses and wind up closing their doors because of it.

Preemptive cyber security measures and having a cloud backup solution can save small businesses from ruin. Don’t be an easy target and stop the attack before it happens. Read more on cyber security for small businesses and cloud backup solutions to keep your business safe.

Cyber Security

For many small businesses, cyber security is an afterthought. The majority of man and brain power goes to sales and the bottom line; cyber security is something you will worry about when your company gets larger. Besides, who would take the time to hack into the system of a small company when there are so many larger businesses to attack?

Well, we have bad news for small business owners. It turns out that small businesses are in fact more commonly targeted by cyber attacks than the big guys. Yes, Target and Home Depot hacks are all over the news, but small businesses make much easier targets than the giants and the attacks are usually more successful.

The unpleasant truth is that small businesses are easier to hack into. They often have DIY cyber security and IT and still have attractive information to steal – credit card numbers, employee personal information, credentials for websites and email accounts, and so on.

Cyber Security for Small Businesses


Use Antivirus Software

This may seem like a no-brainer, but having antivirus software on all computers can stop a large number of small attacks from breaching your system. This can protect you from viruses picked up during non-work related browsing by employees and even phishing scams that are sent to work email accounts. Stop the simple cyber attacks with basic antivirus software.

Update all Software Regularly

How often are you in the middle of a task when you are interrupted by a pop up asking you to update the program? Your first reaction is likely to dismiss it with the thought of doing it later, or even worse, you have become so annoyed with the prompts you have turned them off completely.

Well, as disruptive as it can be, updating your software regularly is a vital piece of cyber security. Software updates patch security issues and make the program run more smoothly. By passing on an update, you are leaving yourself vulnerable to whatever cyber security issues exist in the older version and are making yourself an easy target for hackers.

Secure Your Network

Secure your network by using a firewall and password protecting your router. Both a firewall and password protected router will stop any unauthorized devices from connecting to your network whether on or off-line. You wouldn’t leave your office door unlocked and open all day, every day, would you? Don’t leave your network wide open to intruders either.

Limit Employee Access

Limit employee access to only files they need. The most obvious information to protect is client personal and financial information, but keep employee social security numbers and direct deposit account numbers secure as well. By limiting employee access, if an individual’s computer falls victim to a cyber attack, the attackers can only get so far before they are stopped by unauthorized access. Don’t make it a walk in the park for a cyber criminal to find all of your sensitive information just by breaching one computer.

Use a Cloud Desktop

Contrary to what many believe, cloud computing is far more secure than a traditional system (and cheaper too). When you use a cloud desktop, your IT and security is managed by a cloud computing company. It is no longer up to you to make all of those updates on time, back up your information, or watch day and night for security breaches. Let someone else handle it, and you don’t have to let cyber security keep falling to the bottom of your to-do list.

Cloud desktops are more secure and are actually less expensive than having a traditional IT department in-house. For small businesses, cloud computing is the economical and secure way to go. Learn more about cloud computing for small businesses.