Flubot, the Android-based spyware, has been spreading rapidly via missed package delivery SMS texts. According to the NCSC, Android smartphone users all around the U.K are being targeted by text messages spreading the spyware.

What is happening?

The NCSC has issued a security alert about how to spot and remove FluBot, while two network providers (Three and Vodafone) have issued alerts for users.
  • The spyware is delivered to targeted victims via SMS texts that incite them to install a missed package delivery app. The victims are then redirected to a scam website to download the malicious spyware. 
  • Once installed, Flubot gains permissions, steals banking information and credentials, lifts passwords saved on the device, and steals different types of personal information. 
  • In addition, it further sends out text messages to the contact list of infected devices to spread further. Most of the phishing texts are spoofed to look like they are being sent from DHL.
  • One victim received a message pretending to be a link from the Royal Mail. Another user received a fake Amazon message, in which the attackers replaced the ‘o’ for a zero in the link.

Recent SMS phishing attacks

Mobile phishing scams have been booming since the beginning of the COVID-19 pandemic and have no signs of slowing down.
  • Recently, an SMS phishing scam was discovered that says a package is out for delivery, while the infection allows the attacker to gain access to the victim’s system.
  • In February, an SMS phishing scam was observed harvesting personal data by offering fake tax refunds.


SMSes are usually of limited size (160 characters), therefore, any grammatical and spelling errors may get overlooked. In addition, the small screen size of mobile devices makes it harder for end-users to detect a scam. Therefore, users should not open any suspicious links in their mobile browsers and should only use the official store for downloading apps.

Cyware Publisher