Beware! ‘Flubot’ malware targeting Android phones can steal your netbanking passwords

  • Malware called Flubot is spreading on Android devices through SMS in the UK, Spain, Germany, and Poland.
  • The malware disguises itself as a delivery tracking app and steals passwords from your device.
  • The user will have to format the device to get rid of the Flubot malware.

While the COVID-19 virus has created havoc all around the globe from the past year, the intensity of malware and spyware attacks has also increased rapidly since the pandemic. Recently, a virus that claimed to offer a pink theme for WhatsApp came to light. It can not only steal your information but can also take control of the device. Now, a new malware designed to target Android phones, named Flubot, has been discovered. Flubot has been spreading like a wildfire in the UK, Spain, Germany, and Poland. The Flubot malware disguises itself as a delivery tracking app and can steal banking information and passwords from your device.

Also Read: Got a job offer on LinkedIn? Beware it could be malware instead

What is Flubot?

Recently, people in the UK have been receiving a text message, which looks like it is from an international parcel service, such as DHL. The SMS says that users can track their “missed package delivery” by going to a link in the text message. However, this message is not from DHL. It is, in fact, a fake text message, and the link in it leads to the Flubot malware.

Once you go to the link, a fake website appears on the screen which is disguised as a DHL webpage. It asks you to install an app on your smartphone for you to track your parcel. The webpage has a downloadable APK (a package that you can install on your Android device) along with instructions on how to install the application on your Android smartphone or tablet.


Once you install the application, it asks you for various permissions which allow Flubot to read your messages, contacts, call logs, and create a window over other apps. Now, Flubot can create a fake login screen over other apps and steal your passwords, including your netbanking ID and passwords. Moreover, the Flubot malware can spread itself automatically by sending the link to the malware to contacts stored in your phone.

How to protect yourself from Flubot

If you receive a suspicious delivery tracking message with a link in it, don’t click on it. That is the best way to save yourself from the Flubot attack. But what if you were going to receive a parcel and the text message is actually from the parcel service? Should you miss out on tracking the package just because it could be a fake message? Well, in that case, you can just call the parcel service and confirm the status of your package or get the tracking number and track the parcel manually from the service provider’s website.

Even if you click on the link in the text message, make sure you don’t download or install any app on your device from that website. In fact, one should not install an APK manually from anywhere else rather than Google Play Store or authorised app distribution platforms. APKs posted on websites can have malware and spyware that can steal your data and put your device at risk.

If anyone has unfortunately installed the Flubot malware, the UK’s National Cyber Security Centre (NCSC) instructs users to not enter any passwords on the device. Moreover, it asks users to format their smartphone/tablet immediately as it is the only way to get rid of the Flubot malware. Do remember to backup your data before you format your device. Vodafone and Mobile UK are asking people to forward the spam message to 7726 to report it and then delete the message from the device.

No posts to display