Australian mobiles are receiving thousands of fake SMS messages

These messages say that you have missed a call or a notification, or that you have a voicemail or a parcel delivery.

The message is part of a computer virus which infects Android phones. When a user clicks on the link in the message, they are redirected to a website that attempts to download software onto their phone (usually Voicemail71.apk). The downloaded software is the virus; once installed, it uses your phone number to send similar SMS messages to other unsuspecting users.

Because the messages are coming from legitimate devices, the campaign is difficult to control, but Telstra is aware and trying to resolve this.

The software is downloaded from a number of different infected websites. It doesn't work on iPhone devices, and it doesn't work on Android phones where unsecure downloads have been restricted.

These websites are being reported, but many hosting ISPs are slow to respond to these requests.

Karen McAteer, from the Queensland police financial and cyber crime group, said perpetrators of the scam are overseas-based, making them difficult to catch.

The best defence against this scam is to not click on the link. If you have clicked on it, and suspect software has been downloaded, then you should go to your Settings > Apps, look for any new unwanted apps, and hit ‘Uninstall’. You may also be able to remove the app just by dragging its icon to the trash folder. More detailed information is available here: https://www.pcrisk.com/removal-guides/20475-flubot-malware-android

Once the virus is removed, you may need to change your passwords, as the virus automatically uploads a lot of details about your phone to the hacker.

More advanced users should also report the domain names, and the admins of the hosting, that the virus is linked from.

If you have been scammed, you're encouraged to report it to the ACCC and ReportCyber.

Threat Summary:
Name: FluBot virus
Threat Type: Android malware, malicious application, unwanted application.
Detection Names (fedex.apk): Avast-Mobile (Android:Evo-gen [Trj]), BitDefenderFalx (Android.Trojan.Banker.TW), ESET-NOD32 (A Variant Of Android/TrojanDropper.Agent.HKE), Kaspersky (HEUR:Backdoor.AndroidOS.Polph.c), Full List (VirusTotal).
Related Domains: cssincronbucuresti[.]ro, windjey[.]com, gispert[.]pt
Detection Names (cssincronbucuresti[.]ro): Fortinet (Phishing), PREBYTES (Malware), Full List (VirusTotal).
Detection Names (windjey[.]com): Dr.Web (Malicious), Fortinet (Malware), PREBYTES (Malware), Full List (VirusTotal).
Symptoms: The device is running slow, system settings are modified without users’ permission, dubious applications appear, data and battery usage is increased significantly, browsers redirect to bogus websites, intrusive advertisements are delivered, monetary loss, problems with online privacy, stolen personal accounts.
Distribution methods: Social engineering, SMS messages, fake FedEx website.
Damage: Stolen personal information (private messages, logins/passwords, etc.), decreased device performance, battery is drained quickly, decreased Internet speed, huge data losses, monetary losses, stolen identity (malicious apps might abuse communication apps).
Malware Removal (Android): To eliminate malware infections our security researchers recommend scanning your Android device with legitimate anti-malware software. We recommend Avast, Bitdefender, ESET or Malwarebytes.
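
The following Python is an added example, not code from the original article. It triages SMS text for the traits described above: a lure about a call, notification, voicemail or parcel that carries a link, a link to an .apk file, or a link to one of the related domains in the Threat Summary. The sample messages, the example.com and example.org hosts, and the exact lure patterns are constructed for illustration.

```python
import re

# Related domains from the Threat Summary, kept defanged as on the page.
RELATED_DOMAINS = ["cssincronbucuresti[.]ro", "windjey[.]com", "gispert[.]pt"]
# Lure themes named in the article; the exact patterns are an assumption.
LURES = re.compile(r"missed (a )?call|notification|voice ?mail|parcel|delivery", re.I)
# Captures (host, path) for every http/https link in a message.
URL = re.compile(r"https?://([^/\s:]+)(/\S*)?", re.I)


def refang(domain):
    """Turn a defanged indicator such as name[.]tld into a matchable hostname."""
    return domain.replace("[.]", ".").lower()


def triage_sms(text):
    """Return a sorted list of reasons the message looks like this campaign."""
    reasons = set()
    blocked = {refang(d) for d in RELATED_DOMAINS}
    for host, path in URL.findall(text):
        host = host.lower().rstrip(".")
        # Match a listed domain itself or any subdomain of it.
        if any(host == d or host.endswith("." + d) for d in blocked):
            reasons.add("related-domain")
        # A direct link to an Android package, ignoring any query string.
        if path.lower().split("?")[0].endswith(".apk"):
            reasons.add("apk-link")
        # The lure text only counts when the message also carries a link.
        if LURES.search(text):
            reasons.add("lure-with-link")
    return sorted(reasons)


# Constructed sample messages (not real captures).
SAMPLES = [
    "You have 1 new voicemail: http://example.com/v/Voicemail71.apk",
    "Your parcel is arriving, track here https://" + refang(RELATED_DOMAINS[1]) + "/t/?id=1",
    "Hi, running late, see you at 6",
    "Your invoice is ready at https://example.org/billing",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage_sms(sms) or "no match", "|", sms)
```

An empty result means only that none of these three traits matched; the domain list covers just the three hosts named on this page.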