Password-stealing spyware

A new malicious piece of spyware is targeting Android users in an attempt to snag their passwords and other private information. An advisory cautioning people to beware of the new spyware dubbed FluBot. Affecting Android phones and devices across the world. FluBot is triggered after a user receives a text message asking them to install a tracking app in response to a “missed delivery package.” Clicking on the link in the text directs the victim to a scam website that launches the spyware.

FluBot then sets out on its malicious mission, namely trying to steal passwords and other confidential data from the infected device. The spyware also digs into the user’s address book to find more potential victims to whom it can send the text message, thereby propagating itself, but the attack could change to impersonate other brands.

FluBot has been hitting Android devices, including ones made by Huawei and Samsung, in which users are asked to download the app. iPhone and iPad users aren’t currently at risk, however, the text messages might still direct them to the scam website, which may attempt to steal certain information.

How to respond to the text message

What to do if you’ve downloaded the spyware

If you’ve already downloaded FluBot, you’ll need to clean your device and check any affected accounts.

First, don’t log into any accounts or enter a password anywhere until you’ve cleaned your device. To actually clean it, perform a factory reset as soon as possible. This process varies by device and vendor, but Android users can follow the steps on this Google help page. Remember that you’ll lose data if you don’t have a backup to restore after the reset. If you do have a backup, be sure to use one that was created before you downloaded the spyware.

Next, you’ll need to check your account passwords. If you’ve logged into any accounts since downloading the spyware, change your passwords immediately. If you’ve used the same password on other accounts, change those as well.

How to avoid mobile spyware scams

To protect yourself from these types of mobile scams, remember the following tips:

  1. Back up your phone or tablet to make sure you don’t lose critical data such as photos and documents. Back up your device on a regular basis, especially before you perform any significant changes, such as installing a new app.
  2. Install apps only from legitimate app stores. For Android users, that means Google Play. For iPhone/iPad users, that means Apple’s App Store. Some manufacturers, such as Samsung and Huawei, offer their own dedicated app stores.
  3. For Android users, make sure that Google Play Protect is enabled on your device before you install any apps. Huawei devices come with their own virus scanner. These tools attempt to scan for and remove any detected malware