Pickr
  • Latest News & Reviews
  • Recommendations
  • Phones
  • Earphones
  • Sound
  • The Wrap
No Result
View All Result
Pickr
  • Latest News & Reviews
  • Recommendations
  • Phones
  • Earphones
  • Sound
  • The Wrap
No Result
View All Result
Pickr
No Result
View All Result

Android phones on alert as SMS scams see dodgy app installs

Leigh :) StarkbyLeigh :) Stark
June 6, 2021
Reading Time: 3 mins read
Share on TwitterShare on FacebookShare on LinkedInShare over email

The next time you get a message suggesting you have a delivery, you might want to make sure you know just who it’s coming from.

There’s never a dull moment in security it seems, and if you’re waiting for something to come in the mail, you’re probably used to the regularity of which scams occur.

Fake texts that suggest you have a package waiting only to send you to a dodgy web site phishing for your details are a normality these days, forcing you to be aware of what you click on. But some of these SMS scams are getting so aggressive, it might not be enough to merely be aware of the websites you’re visiting through them, but also what they potentially have waiting for you.

In recent weeks, Avast Security has found one that delivers a banking virus, yet in the guise of a delivery tracking app. It’s an Android specific thing, it seems, but one that Avast says has infected over 60,000 devices and ensnared the detailed of millions of phone numbers, simply because of what the app does: rather than track any delivery, this fake app is a nasty little virus that instead steals information from a phone, sending it to someone else.

Called “FluBot”, it’s something you don’t want on your phone, and yet spreads by SMS, making it a possibility that it could land there. It’s not a risk yet for iPhone owners, as far as we understand, but if an Android owner sees a message suggesting they have a package delivery waiting and clicks on a link only to ask them to install an app, you can more or less bet that’s what it is. When installed, you won’t get any delivery tracking, but rather an invasive app that looks for your details and sends it to a remote serverm, using the accessibility functionality of a phone to monitor what’s happening.

Representatives for Avast told Pickr that there weren’t any Australian examples yet, but that it was happening around the world, so worth pointing out that it could happen here.

“At the moment, primary targets of the attacker’s campaign are Spain, Italy, Germany, Hungary, Poland and the UK,” said Ondrej David, Malware Analysis Team Leader for Avast.

“But there is some potential that the scope of operation may be extended to target other countries in the near future,” he said.

“What makes this malware particularly successful is that it disguises itself as postal/parcel delivery services, using text along the lines of ‘Your parcel is arriving, download the app to track’ or ‘You missed your parcel delivery, download the app to track’, to which a lot of unsuspecting users would easily fall victim. This is especially the case in the current situation where some form of home delivery has become the standard mode of operation for many businesses during the pandemic.”

One of the FluBot SMS scams Avast picked up on.
One of the FluBot SMS scams Avast picked up on.

How to stay on guard against fake delivery SMS

While making sure you have security app on a phone is one way of warding off this virus, as is ensuring Android owners only install apps via the official Google Play Store, another way is to make sure you don’t get caught at all.

That might seem hard, so it’s worth looking at how not to fall for SMS scams in the first place, and that comes down to looking at the text with some lessons.

Scammers may be able to fake the name of where a text is coming from, but they typically won’t, so check the name. If it comes from a random phone number, it’s very unlikely to be the real deal.

Likewise, look at the URL with your own eyes. A real delivery company, such as Australia Post or DHL, will have their respective website in the link. Scammers can’t use the official website, however, and so tend to use something entirely unrelated and outlandish.

They’re the obvious giveaways that something is amiss, and that you should delete those messages ASAP.

Leigh :) Stark

Leigh :) Stark

One of Australia's well regarded technology journalists working out of Sydney, Leigh Stark has been writing about technology for over 15 years, covering phones, computers, cameras, headphones, speakers, and more. Stylising his middle initial with an emoticon, he aims to present tech in a way that makes it easy for everyone. While he founded Pickr in 2016, Stark's work can be seen in other publications including The Australian Financial Review, Popular Science, and many more. His award-winning podcast "The Wrap" is syndicated on Southern Cross Austereo's LiSTNR network weekly, while he can be heard on radio via ABC Brisbane and ABC Canberra, and seen on TV's Nine. Check out Leigh Stark's most recent media appearances.

ADVERTISEMENT

Related Posts

Scammers try a dark approach with coronavirus vaccine scams
Security

Monkeypox gives scammers something new to con with

June 12, 2022
Scammers try a dark approach with coronavirus vaccine scams
Security

Google Drive goes on defence with anti-malware, anti-phishing

May 17, 2022
What fallout can we expect from the 2019 Facebook leak?
How to

How to unmask a Bitly text message scam

May 14, 2022
ADVERTISEMENT
  • Recommendations
  • Best Picks
  • Methodology
  • About
  • Media Appearances
  • Contact
Change the way you choose.

© 2016 to 2022 Publishr Pty Ltd: ACN 624 227 256
All rights reserved.

No Result
View All Result
  • Latest News & Reviews
  • Recommendations
  • Phones
  • Earphones
  • Sound
  • The Wrap

© 2016 to 2022 Publishr Pty Ltd: ACN 624 227 256
All rights reserved.