A major security alert has been issued to millions of mobile phone users across the United Kingdom as a dangerous new malware campaign threatens to steal sensitive personal and financial information.
The FluBot Threat: What You Need to Know
Cyber security experts have identified FluBot as an exceptionally sophisticated piece of malware that's currently spreading rapidly through fraudulent text messages. The scam primarily targets Android users, though all smartphone owners should remain vigilant.
This malicious software operates by disguising itself as legitimate delivery notifications from well-known courier services including Royal Mail, DPD, and Evri (formerly Hermes). The messages typically claim you have a missed delivery and urge you to click a link to rearrange shipment.
How the Scam Works
The attack follows a carefully orchestrated process:
- Victims receive a convincing SMS message about a missed parcel delivery
- The text contains a link to what appears to be a legitimate tracking application
- Once clicked, the link downloads and installs the FluBot malware
- The malware then gains extensive access to your device and personal data
Why FluBot Is Particularly Dangerous
Unlike simpler phishing attempts, FluBot represents a significant escalation in mobile security threats. Once installed, it can:
- Intercept online banking credentials and two-factor authentication codes
- Access your entire contact list and send infected messages to everyone you know
- Monitor your keystrokes and capture passwords
- Take control of certain device functions
The malware's ability to spread through contact lists makes it particularly virulent, creating a chain reaction of infections that can affect entire communities within hours.
Protection Measures: How to Stay Safe
Security professionals recommend these essential precautions:
First and foremost, never click on links in unexpected text messages about deliveries, even if they appear to come from recognised courier companies. Instead, visit the company's official website directly or use their legitimate app to check your delivery status.
Ensure your device's security settings only permit app installations from official sources like the Google Play Store. Regularly update your operating system and applications to patch known vulnerabilities that malware might exploit.
Consider installing reputable mobile security software that can detect and block malicious applications before they cause harm. Most importantly, if you receive a suspicious message, delete it immediately and warn friends and family about the scam.
What to Do If You've Been Affected
If you suspect your device has been compromised, act quickly. Run a security scan using trusted antivirus software, change all your passwords (especially for banking and email accounts), and contact your bank immediately to report potential fraud. For persistent infections, you may need to perform a factory reset after backing up important data.
The National Cyber Security Centre continues to monitor the situation closely and advises all mobile users to maintain heightened awareness of this evolving threat.
