That SMS message could be some seriously nasty Android malware

Don’t download and install APKs from the web

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Threat actors are using SMS text messages to spread apassword-stealing malwarethat attacksAndroid devices, experts have warned.

Once installed, the malware, known as FluBot, will harvest authentication details and other personal details and sensitive information.

To make matters worse, the malware makes its way into a victim’s address book, and in worm-like fashion infects other devices by sending itself to all the contacts.

We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.

Click here to start the survey in a new window«

Third-party APKs

Third-party APKs

From an infected device, the malware sends a text message masquerading as legitimate, often pretending to have come from reputable companies such as DHL,Amazon, Asda, Argos and others.

The message includes a phishing link that requests recipients to download an app, distributed as an APK, in order to track their delivery. As you can imagine, the app is the password-stealing malware.

By default, Android blocks the installation of third-party APKs. This is why the website that hosts the APK also handholds users through the process of overriding that safety mechanism. Once installed, the app gets to work.

UK’s National Cyber Security Centre (NCSC) has issued security guidance to help users identify the FluBot text messages, while network providersThreeandVodafonehave also started relaying warnings about the malware to their users.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The NCSC further urges users who receive the FluBot messages to forward them to the free spam-reporting service (7726), before proceeding to delete the message.

According to reports, although the malware is currently known to only infect Android devices, the NCSC is also advisingAppleusers to pay close attention to text messages that ask them to click links about a delivery.

While the APKs won’t install oniOS devices, the fear is that the fake delivery websites could also be used to siphon off personal information.

We’ve also rounded up thebest ransomware protectiontools

ViaZDNet

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Don’t search for information on cats at work — you could be at risk of being hacked

This dangerous new malware is hitting Windows devices by hiding in games

Singapore Criterium live stream 2024: How to watch FREE UCI cycling online