Skip to Content
© Tero Vesalainen |
Security & privacy

Warning: Sneaky new malware steals your passwords and messages your contacts

Has your mobile phone felt a bit sluggish lately? Is it not working as smoothly as it should? Does it seem like it might have the flu? No, the coronavirus hasn’t been infecting mobile devices, but your phone might be sick with malware.

There is a nasty password-stealing virus making the rounds, and just like COVID-19, it can spread to your friends and family. You won’t get it from borrowing their phone, but you can infect others through your contact list. Tap or click here to find out if your phone or tablet has a virus or malware.

The malware variant is aptly named Flubot. It is designed to steal your personal information and spreads just like the common cold. Keep reading to find out how the malware is spreading and ways to block it.

Here’s the backstory

This latest malware variant is spread through a delivery scam. Victims are receiving text messages claiming they missed a delivery and are asked to click a link for verification. The link leads them to a spoofed site and asks them to download a delivery tracker.

The delivery tracker is actually spyware known as FluBot and can steal your passwords along with other sensitive information. The scam is primarily targeting Android users, but several iOS users have reported receiving the message.

The malware is so prevalent that the U.K.’s National Cyber Security Center issued a statement on FluBot. “The NCSC is aware that a malicious piece of spyware – known as FluBot – is affecting Android phones and devices across the U.K.,” it said in a blog post.

The scammers don’t stop with your device, though. Once your phone is infected, it will go through your list of contacts and send a similar message to them looking to infect their devices as well.

What you can do about it

While Flubot is rampant in the U.K., it’s expected to spread through the U.S. soon.

Here are some steps you can take to protect yourself:

  • Don’t trust text messages – If you receive a suspicious text message, delete it ASAP. Don’t engage by replying or clicking links.
  • Watch for delivery scams – If you receive a text about a delivery, don’t click on links in the message or download attachments.
  • Follow up with official contacts – Instead of responding to delivery texts, contact the delivery company directly through known phone numbers or email addresses.
  • Change your passwords – If you think you’ve fallen for a scam, change your online account passwords. Tap or click here to find out how to create stronger passwords.
  • Enable 2FA – Activate two-factor authentication (2FA) where available. Tap or click here for details on 2FA and why you should use it.

Keep reading

Scams and malware involving Google Alerts are getting worse – Don’t be fooled

Watch out: Hackers are using messaging services to spread malware

Tech smarts in 2 minutes a day

Get my Daily Tech Update and the Digital Life Hack. Just one minute each and arm you with the tech knowledge you need to impress your boss and friends with how smart you are.