Back to news
News, Security 1. July 2021

Malware via SMS

  • Share article

Do you own an Android phone and have received an SMS message with a link to a voice message? Then you should delete this message unread, because behind it there is most likely a new malware called “Flubot”, which has recently become active in Switzerland.

If you click on the link contained in the SMS message, you will be redirected to a fraudulent website where you are supposed to download the alleged voicemail.

If you do so, you install the malware on your phone, allowing it to grab sensitive data from your device. This attack method is called “smishing”, a word combination of “SMS” and “phishing”.

In Germany and other countries, “Flubot” disguises itself as an SMS parcel message from a transport company such as DHL or FedEx. The link in the message then leads to a fraudulent website from which an alleged app from the transport company is to be downloaded.

National organizations warn

Various Swiss IT organizations are currently warning about the malware, including Switch or the National Cyber Security Center in Bern, or NCSC for short:

“At the moment, the NCSC is receiving numerous messages about SMSs that alert the recipient to a supposed voice message. Anyone who clicks on the link in the SMS is taken to a fake website where the victim is asked to download the message. In fact, however, it is a malicious software. Do not download this file under any circumstances, do not click on the link in the SMS and delete the message.”

The Zurich Cantonal Police also describes the malware on its own cybercrime website cybercrimepolice.ch: SMS are sent to premium-rate numbers, among other things, according to Kapo Zurich. In addition, “Flubot” tries to tap credit card data as well as data entries in cryptocurrency apps or the email service Gmail. The Kapo also provides tips on what to do if you have accidentally installed the malware on your cell phone (see info below).

In order to spread, the malware also uses the contact list of the infected phone to send countless SMS messages to other devices.

Where does “Flubot” come from?

“Flubot” first appeared in Spain, Hungary and Poland in December 2020. Since then, the malware, which is also known as “Cabassous” and “Fakechat”, has spread worldwide.

“Flubot” can basically only infect Android phones. iPhones can also receive such a text message, but they are not in direct danger because apps can only be installed via the official Apple Store, which has been checked by Apple.

What can I do if I receive such an SMS?

• Do not click on the link
• Delete the SMS message
• Ideally, make people in your social environment aware of the issue and show them the SMS message before deleting it

What should I do if I click on the link?

• Reset your cell phone to factory settings (How do I do that?); this will delete all data on the cell phone
• Inform your mobile phone provider
• Block your credit card(s)
• Change the credentials of any cryptocurrency apps from another device
• Do the same if you use Gmail

How can I protect myself from “Flubot”?

• Keep the Android version on your phone up to date
• Protect your phone with anti-malware software (e.g. SophosMobile Security for Android)
• Download apps only from the official Google Play Store
• Set in the security settings of your phone that data from “unknown sources” should not be installed

 

Sources:

https://securityblog.switch.ch/2021/06/19/android-flubot-enters-switzerland/#comments
https://www.ncsc.admin.ch/ncsc/en/home/aktuell/aktuelle-vorfaelle.html
https://www.cybercrimepolice.ch/de/fall/das-sms-neue-voicemail-ist-die-gefaehrliche-schadsoftware-flubot/
https://medium.com/csis-techblog/the-brief-glory-of-cabassous-flubot-a-private-android-banking-botnet-bc2ed7917027
https://www.t-online.de/digital/internet/id_90136940/vorsicht-falsche-dhl-app-android-trojaner-flubot-breitet-sich-aus.html
https://support.google.com/android/answer/6088915?hl=en
https://en.wiktionary.org/wiki/smishing
https://www.droidwiki.org/wiki/Sideloading
https://en.wikipedia.org/wiki/Phishing

Further news

All news

Connect with us

Swiss Business Cloud ausprobieren?

Erlebe noch heute die Welt der Swiss Business Cloud mit unserer Demo.