Lately, people from around the world have reported strange, misspelled text messages saying they have a new voice message from someone close like their spouse, family members, or even their boss.
“Who on Earth still uses voice messages in this day and age?” would be a normal reaction. However, many recipients still click the link. They instantly regret it.
There is no urgent voice message at the other end, it’s just an old scam that cyber criminals constantly revamp. Sometimes it’s disguised as a message from a delivery company, other times it informs you pictures of you were recently uploaded, but each time it’s malware looking to snatch your financial details and turn your phone into a zombie.
Flubot: the malware that turns your phone into a zombie
The most intriguing detail about the current voice message scam campaign is that the messages seem to come from regular phone numbers. The reason for that is they actually come from legit phone numbers, but the owners of those numbers may have no idea.
How is this possible? Flubot, an Android malware spreading aggressively through SMS. It’s wreaking havoc in many countries of the world including Finland, Australia and Romania. What differentiates Flubot from other types of malware is that it’s spreading exponentially.
For example, once installed on an Android device, it will steal credit and debit card information, bank credentials and raid any crypto stock you may have. But it will also copy your contact list and automatically send infected links, via SMS, to all the numbers saved in your phone. If those people click the links, their phones become carriers as well.
How to stay safe:
Learn to spot scams. The most important thing when dealing with a scam is to identify it as a scam attempt. In this case, there’s a lot of clues something isn’t right with the messages:
- They’re all badly misspelled,
- They include strange alphanumeric characters
- The link URLs indicate suspicious websites from other countries (Poland, Slovakia, Russia)
- The voice messages aren’t from specific people in your phone agenda, instead, they’re from generic senders like “your boss”, “your loved ones”, “someone close to you”.
Treat all mobile links with extreme caution. Don’t click on suspicious links. Don’t log in using links received via text message. Always double-check the sender. If you think a message is a scam, delete it without clicking the link.
Don’t call the numbers that sent you the messages. Many times they’re either automated or they belong to people who have no clue as to what’s going on.
Back up all your data periodically. If you have reason to believe your Android phone is infected, factory-reset your device, but be very careful because this will also erase all your unsaved personal data. Restore your device using a backup made before you were infected, and change all your passwords.
Choose a solution that protects your phone for you. Scam Alert is one of the latest features added to Bitdefender Mobile Security for Android. It’s a tool that lets the security solution scan SMS messages and links that show up in notifications. Scam Alert then alerts users when they receive a malicious link and lets them choose the best course of action.