Warning over text-message scam that spreads malicious spyware on Android mobiles


Fake text messages that pretend to be from a parcel delivery firm are reported to be spreading in the UK, according to cybersecurity experts.

The scam instructs users to install an app so they can track a parcel. However, the web link prompts users to unknowingly download malicious software (known as Flubot), which spies on their activity. It can secretly gather sensitive information such as online banking and email passwords.

It can also send text messages, spreading malware links to people in your contacts list.

According to mobile network operators, users in the UK and other countries are being targeted with millions of the scam messages.


What you should look out for

Android users should be extremely wary about clicking links in any message. It is very easy for cybercriminals to send text messages that appear to be genuine.

  • Do not click the link in the message, and do not install any apps if prompted.
  • Forward the message to 7726, a free spam-reporting service provided by phone operators.
  • Delete the message.

The current scam messages are fake DHL delivery notifications, as shown below, but they could just as likely be changed to a different firm’s name and branding, so please remain vigilant.

If you are expecting a delivery, use the courier company’s official tracking website or customer service helpline. The web address and contact details will usually be on your original order confirmation.


I might have installed the malware, what should I do?

The National Cyber Security Centre (NCSC) has useful guidance on what to do if you think your Android device could have been infected with malware such as Flubot. 

You will need to factory-reset your device and restore your data from a backup that was taken before the malware infection (otherwise the malware could be restored along with your other apps and data).

You should also reset passwords on any accounts that you have accessed since the malware infection.

If you have DMU apps on your device, please report this to ITMS and change your DMU password on the ITMS self-service password reset page.

Passwords should also be changed on any accounts that use the same login details (in general, please do not use the same password to log in to different accounts).

At this time, the Flubot malware is only targeting Android devices. Apple iPhone users are not affected.

The NCSC has other helpful information on how to protect your documents, photos and personal data and how to avoid any similar scams in the future.

Posted on Monday 26 April 2021
