According to recent reports from the UK, Android mobile device users across the country have been hit by an SMS phishing attack. It arrives as a text message containing a link to malware, which the UK’s National Cyber Security Centre (NCSC) is calling ‘Flubot’. The name reflects the rate at which the spyware spreads from one device to another, much like the flu. It does so by using the victim’s contact list to send an SMS text to everyone on the list.
The text-trap
The malware is delivered to victims’ devices via SMS texts that inform them of a ‘missed package’ and include a link. The message prompts them to use that link to install a ‘missed package delivery’ application to track their delivery. Clicking on the link installs spyware that can steal passwords and other critical data from the user’s device. The spyware gains permissions on the device, including access to its contact list, which allows it to send text messages to those contacts and so spread to more devices.
By far the most common phishing texts claim to come from DHL, but there have been some reports of texts seemingly from other companies. One victim posted a scam message posing as Amazon, in which the ‘o’ in the link had been replaced with the numeral ‘0’. Another user reported a message posing as Royal Mail. NCSC has advised users to beware, since the scammers could use other brand names to spread the spyware.
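As an added illustration (not part of the original report), the following sketch shows how a message filter could flag links that imitate the brands named above, including the digit-for-letter swap seen in the fake Amazon link. The allowlist of genuine domains, the function names and the sample messages are assumptions made for this example.

```python
import re

# Genuine domains for the brands named in the article. This allowlist is an
# assumption made for the example; maintain your own from the brands' sites.
BRANDS = {
    "dhl": {"dhl.com", "dhl.co.uk"},
    "amazon": {"amazon.com", "amazon.co.uk"},
    "royalmail": {"royalmail.com"},
}
GENUINE = set().union(*BRANDS.values())

# Digits commonly swapped in for letters, such as the '0' for 'o' noted above.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# Matches a hostname, with or without a scheme, inside free text.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def is_genuine(host):
    """True if host is an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in GENUINE)


def check_sms(text):
    """Return (host, brand, reason) for each link that imitates a brand."""
    findings = []
    for match in HOST_RE.finditer(text):
        host = match.group(1).lower()
        if is_genuine(host):
            continue
        plain = host.replace("-", "")
        normalised = plain.translate(LOOKALIKES)
        for brand in BRANDS:
            if brand in normalised:
                reason = ("brand name on unrelated domain" if brand in plain
                          else "lookalike characters")
                findings.append((host, brand, reason))
                break
    return findings


# Constructed sample messages (not real Flubot texts; .example hosts are reserved).
SAMPLES = [
    "DHL: your parcel is arriving, track here http://dh1-track.example/pkg",
    "Amazon: we missed you, rebook at amaz0n-parcel.example/app",
    "Royal Mail: fee due at https://royalmail-redelivery.example/pay",
    "Your DHL shipment is on its way: https://www.dhl.com/track",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(check_sms(sms) or "no lookalike found", "<-", sms)
```

A match is a reason to treat the message as suspect, not proof of malware; a clean result does not make a link safe.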
Users of Android devices, such as those manufactured by Google, Samsung and Huawei, are suspected to receive such texts encouraging them to download an app. Though Apple devices have not seen such a scenario yet, their users might receive scam messages that redirect them to a scam website designed to steal their personal information.
What can the users do?
NCSC has advised users to be vigilant and beware of such text messages. Users who receive a text that they suspect to be spam should refrain from clicking on the link and instead forward it to the UK’s free spam-reporting line, 7726. They should then delete the message and block the sender. Those genuinely expecting a DHL delivery are advised to rely on the genuine application of the service and track deliveries there.
Those who have already clicked on the link are advised to do a factory reset of their device to reduce the risk to their online accounts and passwords. No passwords should be entered and no online accounts accessed until the factory reset is done. The process might differ from device to device. If no backup has been taken in the past, the user might lose critical data during the reset.
Users are also advised not to take a backup after the application is downloaded or during the reset – if a backup hasn’t been taken in the past – as the backup might also be infected. They must also change the passwords of all their online accounts to secure them as far as possible.
Increasing prevalence of Smishing
Though prevalent, this isn’t the first incident of SMS phishing, also known as smishing, in the UK. In February this year, fake text messages offering tax refunds on overpayment were sent across the country, which led to the harvesting of victims’ personal data.
Smishing has seen a drastic rise in number since the emergence of the coronavirus pandemic, and the threat doesn’t seem to be reducing anytime soon. Smishing works for hackers because the 160-character limit of text messages makes them a great way to spread malware. That limit includes the link, leaving less room for the mistakes or grammatical errors that are often a good way to spot spam messages. Also, because they arrive on mobile devices, these messages are expected to lure more people into the trap.
It is important for the modern-day user to be vigilant and always on guard to ensure they don’t fall prey to such malware scams. Increased education on the subject is also a must, since a lack of it increases the probability of falling prey to such a scam, putting the crucial data of many in jeopardy.