Scary new Android malware targets millions of users; here's how to keep your data safe
Even though Google is absolutely trying its best to keep the billions (with a "b") of active Android devices around the world protected against the many dangers mobile users can face nowadays navigating a wide sea of online temptation, there are certain things the search giant simply has no power over.
The same pretty much goes for the manufacturer of your mobile hardware as well, which means you and you alone can resist major threats like a newly discovered piece of spyware dubbed FluBot. While far from innovative in its approach or execution, this can easily wreak havoc on unsuspecting or careless smartphone users.
In all likelihood, a fair number of people may have already fallen prey to the millions, yes, millions of cyber-attacks reportedly launched across the UK in the last few days, and if history is any indication, malware-ridden text messages could also start flying around the US very soon.
Do NOT install apps from untrusted sources
While it is unfortunately true that your phone can get infected from Google's official Play Store and other typically reliable digital distribution services for Android apps, the chances of something like that happening will skyrocket when downloading stuff from shady-looking places.
Although it's not always easy to distinguish between a legit-looking place of e-business and a sketchy app store, developer, or website, a good rule of thumb is to never download APK (Android Package) files if you don't know exactly where these are coming from.
The real DHL will never ask you to do this
That's precisely what "FluBot" wants you to do, disguising a very dangerous type of malware as an innocent-looking alert from an international delivery service like DHL. Keep in mind that these kinds of viruses often get more sophisticated with time, changing their (fake) identity to try to trick more and more users into giving up control over their most personal and sensitive information.
Otherwise put, you shouldn't trust text messages purportedly coming from any delivery company that asks you to download something from outside the Play Store in order to track a (real or fictitious) package.
Ignore this simple advice at your own peril, as all your online accounts could be hacked and your passwords compromised in one fell swoop. That's how vicious this latest threat to your cybersecurity can get, and even worse, your FluBot-infected device could then further spread the malware to all your contacts, family, and friends.
What to do if your phone is already compromised
Unfortunately, this situation is a little more complicated than your usual "delete-an-app-and-never-look-back" solution, requiring quite a bit of extra effort (and sacrifice) from harmed users to manage to get out of harm's way.
The first thing you'll need to do is not enter any more passwords or log into any personal accounts as soon as you realize you've been duped. Secondly, we're afraid you'll have to factory reset your potentially hacked Android phone to get rid of this nasty virus, which means you may also lose some precious data in the process.
️SCAM TEXT ALERT ️
— Vodafone UK (@VodafoneUK) April 22, 2021
If you receive a text message that looks like the one below:
IGNORE: Do not click any links.
REPORT: Report it by forwarding to 7726.
DELETE: Remove the text from your phone. pic.twitter.com/ailKcmXYh4
On the bright side, you can obviously restore any and all previously backed up data... as long as you're certain said backup was created prior to the time of the FluBot installation. Everything else must unfortunately go so you can be sure the danger goes away as well.
Of course, even after that happens, any and all passwords that might have been compromised during the attack need to be changed immediately, preferably with powerful and unique alternatives you can safely store using services such as LastPass.
In case you're wondering, iPhone users don't appear to have been targeted by this particular threat for fairly obvious reasons, although in theory, the spyware could always expand its scope and tweak its M.O. to attempt to steal your data directly from an infected website rather than an installed app. So, yeah, you might want to be careful about opening any links sent to any mobile device.
Things that are NOT allowed: