Australian mobiles are receiving thousands of fake SMS messages
These messages either say you have missed a call, a notification, or have a voicemail, or parcel delivery.
The message is part of a computer virus which infects Android phones. When a user clicks on the message, they are redirected to a website that attempts to download software on to your phone (usually Voicemail71.apk). The software downloaded is the virus, once installed, it will use your phone number to send similar SMS to other unsuspected users.
Because the messages are coming from legitimate devices, it difficult to control, but Telstra are aware and trying to resolve this.
The software downloaded comes from a number of different infected websites, and doesn’t work with iPhone devices; and doesn’t work on Android phones where unsecure downloads have been restricted.
These websites are being reported, but many hosting ISPs are slow to respond these requests.
Karen McAteer, from the Queensland police financial and cyber crime group, said perpetrators of the scam are overseas-based, making them difficult to catch.
The best defence against this scam is to not click on the link. If you have clicked on it, and suspect software has been downloaded, then you should go to your Settings > Apps, and look for anything new unwanted apps, and hit ‘Uninstall’. You may also be able to remove the app just but dragging its icon to the trash folder. More detailed information available here: https://www.pcrisk.com/removal-guides/20475-flubot-malware-android
Once the flu-bot virus has been removed, you may need to change your passwords, as the virus automatically uploads a lot of details about phone to the hacker.
More advanced users should also report the domains names and the admins of the hosting from where the virus is linked to.
If you have been scammed, your encouraged to report to the ACCC and ReportCyber
| Name | FluBot virus |
| Threat Type | Android malware, malicious application, unwanted application. |
| Detection Names (fedex.apk) | Avast-Mobile (Android:Evo-gen [Trj]), BitDefenderFalx (Android.Trojan.Banker.TW), ESET-NOD32 (A Variant Of Android/TrojanDropper.Agent.HKE), Kaspersky (HEUR:Backdoor.AndroidOS.Polph.c), Full List (VirusTotal). |
| Related Domains | cssincronbucuresti[.]ro, windjey[.]com, gispert[.]pt |
| Detection Names (cssincronbucuresti[.]ro) | Fortinet (Phishing), PREBYTES (Malware), Full List (VirusTotal). |
| Detection Names (windjey[.]com) | Dr.Web (Malicious), Fortinet (Malware), PREBYTES (Malware), Full List (VirusTotal). |
| Symptoms | The device is running slow, system settings are modified without users’ permission, dubious applications appear, data and battery usage is increased significantly, browsers redirect to bogus websites, intrusive advertisements are delivered, monetary loss, problems with online privacy, stolen personal accounts. |
| Distribution methods | Social engineering, SMS messages, fake FedEx website. |
| Damage | Stolen personal information (private messages, logins/passwords, etc.), decreased device performance, battery is drained quickly, decreased Internet speed, huge data losses, monetary losses, stolen identity (malicious apps might abuse communication apps). |
| Malware Removal (Android) | To eliminate malware infections our security researchers recommend scanning your Android device with legitimate anti-malware software. We recommend Avast, Bitdefender, ESET or Malwarebytes. |
Update
7 April 2022
Telstra have now implemented scam blocking service which should significantly reduce the amount of SMS scams being sent. More information here: Telstra Cyber Security
ABN: 58 196 482 040