TCF Logo

Published Thursday 21 Apr 2022


Those relentless text messages you're getting about a non-existent package for pick-up is coming from a nasty virus called FluBot. Here's what you need to know and how to get rid of it...

 

If you’ve noticed an increase in the amount of spam going to your mobile phone you’re not alone. Hundreds of thousands of spam text messages are pouring into inboxes all around the country every day and it’s largely due to FluBot – the malware that arrived in New Zealand late last year. 

While your mobile phone company filters out most of the spam messages coming in to the country, FluBot is a bit different because it’s actually a virus rather than traditional spam. 

FluBot first kicked off when we were all in lockdown, and its timing was perfect. Online shopping had gone through the roof and getting a text message that said “your parcel has been delayed, click here for more information” wasn’t unusual. Unfortunately, clicking on the link took users to a page that asked you to download an app (again, not that unusual) and it’s at that point phones using the Android operating system were infected.  

Simply downloading the app meant your phone joined the millions of others around the world sending out these spam messages. FluBot hijacks the user’s phone, gaining access to information such as online banking credentials and the ability to send messages to people in your address book – the text encourages them to download the malware too. 

The mobile phone companies and CERT, the government’s cyber-security response team, have been working with the Department of Internal Affairs (DIA) to tackle the problem, but it largely comes down to the phone’s owner having to reset it to its original factory state.  

For some, that might just be a step too far as they haven’t backed up anything from their phones and don’t want to lose all that content (always back up your phone, and computer). 

An infected phone is constantly blasting out these text messages – on average around 5,000 a day for the duration of the infection. That’s a huge risk both to the rest of us who are being bombarded with spam, but also to the person sending those messages as some get sent out internationally - and that comes at a cost.  

If you send 3,000 international text messages a day for five days (this is the average duration most phones are infected for) that’s a whopper of a phone bill.  

FluBot is a very carefully crafted piece of malware that makes it extraordinarily difficult for telcos to block. It changes the message it sends each day (it might be about a late parcel, or about downloading a photo album or about a new voicemail, but there are others) and links to a number of different web pages. It also varies how many messages it sends each day which means all the filters your mobile phone company normally use to identify messages as spam are neatly avoided. 

Customers can help and the good news is it’s relatively easy to remove FluBot from your phone. Resetting your phone to factory settings is all it takes – unfortunately you will lose whatever is on your phone when you do that so you need to have everything you want to keep backed up first.  

Think about those photos you’ve got, or your contacts, your music or videos. You can back up to your computer or have a look at cloud services you can use. Google One, for example, offers 100 Gigabytes of storage for around $30 a year and there are plenty of options out there that cost even less.  

Once you’ve backed everything up you can reset your phone and get rid of FluBot once and for all. 

The good news is once you’ve set up a cloud-based service, backing up your content will take place automatically, so in future if anything happens to your phone you’ve got all your data stored safely somewhere else.  

If you do get text message spam, let the DIA know by forwarding it to 7726. It’s important that we track what’s coming in as it helps the New Zealand telcos and agencies figure out how to combat the  problem, and ultimately reduce just how many of these nasties we get. 

 

by Paul Brislen CEO of the Telecommunications Forum