Australians have been warned to be on the lookout for strange-looking texts that say you received a missed call and advise you to click a link.
Telstra issued an alert on Thursday warning that the odd, “garbled SMS message” is actually malicious, and Aussies with Android phones should steer clear.
“The messages are generated by malware called FluBot, which spreads via SMS and can infect insecure Android phones,” said Clive Reeves, Telstra’s deputy chief information security officer.
‘FluBot’ is actually malware that can be installed and can infect Android phones – just by clicking malicious links contained in a text message.
Once the malware infects the device, the people in the contact list of that device will then get sent similar text messages – all without realising this is happening.
“If installed, the malware has wide access and can harvest your contact list to further spread, as well as accessing your personal information and banking details if you used it while infected,” Reeves said.
The malware was circulating around Europe, and has made its way to Australia, he said.
How exactly does FluBot infect my phone?
You might get a text message, which looks something like this:
“a1bcd2 Voicemail: You have 1 new Voicemail(s). Go to [link]”
Australian comedian and radio presenter Em Rusciano received a similar text that read: "z0re4 You have a missed lall. Caller left ylu z mesxage: [link]"
— Em Rusciano (@EmRusciano) August 11, 2021
Click on it and you’ll be taken to a very webpage that might spoof trusted brands like Telstra.
You’ll be asked to install an app to listen to the voice message. If you give permission to install – you’ve just downloaded the FluBot malware to your phone.
“To have your mobile phone compromised by the Flubot malware, you would have to click on the link and visit the malicious website in the SMS you receive,” said Reeves.
But there’s one bit of good news. Only Android phones that have already enabled ‘side-loading’ of apps onto the device – meaning the phone permits the downloading of software from potentially dodgy sites outside of the Google Play Store – will be affected.
“So unless you’ve done this, you can rest easy.”
Reeves described FluBot as a “sophisticated piece of malware” because it sends text messages to random numbers and contacts scraped from an infected Android device.
This is what makes it so difficult to contain.
“Each time it does this it creates a new, unique link, making it difficult to block at a network level. These messages are also being sent from infected devices all across the world that have fallen victim to the malware,” said Reeves.
How to tell if your phone has been infected
It’s actually pretty hard to tell you’ve got it, because you won’t see strange text messages being sent from your device to others.
But you should keep an eye out for the following warning signs:
People are texting or calling you to complain about texts you sent them that you have no idea about;
A new app on your phone called ‘Voicemail’ that has an icon with a blue cassette in a yellow envelope. If you try to uninstall it, you’ll be told: ““You can not perform this action on a system service.”
Telstra or your phone provider has detected you’re sending a high volume of messages, and sends you a text saying you may have malware on your phone.
WATCH BELOW: 4 Tips for Spotting and Avoiding Scams
What should I do?
Aussies who find their devices have been infected should “urgently” remove the malware and change all passwords.
If your device has been infected, you should also switch to a different handset, Reeves added.
The telco giant has already identified “a number of handsets” lately that they believe have been potentially infected.