Home » Beware of this fake Android security update – it really is malware

Beware of this fake Android security update – it really is malware

The famous FluBot Android banking Trojan has a terribly fun new trick up its sleeve: it tries to trick you into downloading a bogus “security update” by warning you about… FluBot itself.

“Your device is infected with FluBot malware,” reads a bright red screen that you’ll see if you click a link in a text message. “Android has detected that your device has been infected.”

In fact, your device has NOT been infected yet. But it will if you do what the message suggests: “You must install an Android security update to remove FluBot.”

The real warning about this false warning came last week from the New Zealand Computer Emergency Response Team (CERT NZ), a government agency that alerts citizens and businesses to cybersecurity threats. (Many countries have one CERT; the United States has sort of two.)

See more

When we last checked in on FluBot, it pulled you in with a text message letting you know about a problem with the delivery of a package. A link in the message directing you to a fake page stating that you need to download and fill out a form to get your package. You would be infected with FluBot if you followed the instructions.

You can still receive that package delivery notice, said CERT NZ, which started with a tweet about the new variant and then followed by a blog post. Or you might get a fake SMS warning that some naughty photos of you have been uploaded.

Sometimes you will get a picture of a friendly young lady holding a package with the traditional “request form” to download and fill out. Sometimes you will get the scary picture below. (We appreciate the humor of putting a trademark symbol next to the name of the malware.)

(Image credit: CERT NZ / FluBot)

How to avoid getting infected with FluBot

“The malicious application will only infect your phone if [you] click on the link AND download the app, ”the CERT NZ blog post said. “Receiving the text does not mean you are infected. Apple phones can receive the message but cannot be infected. “

It is very true. The same goes for two statements in the fake FluBot warning screen itself.

“FluBot is Android spyware that aims to steal your device’s financial login and password data,” he says. If you are having difficulty installing the bogus “Android security update” then you should “select” Settings “and enable installation of unknown applications”.

This is because, by default, Android phones provided by Google will only install apps from the official Google Play Store, unless the user overrides these settings. This is what the false warning / true FluBot wants you to do. Do not do it.

Instead, make sure that the default app load settings are enabled. In Android 8 or later, go to Settings> Apps> Special Access> Install Unknown Apps, then make sure “Not Allowed” is next to each app name. If you see an “Allowed,” tap the app and turn the switch off.

On Android 7 or earlier, go to Settings> Security (or Lock screen & security), where you’ll see an entry titled “Unknown sources”. Make sure it is disabled.

You’ll also want to run one of the best Android antivirus apps. FluBot has been around for most of 2021, so most antivirus apps will recognize and block it immediately.

FluBot first appeared in Spain at the start of 2021, has spread to other European countries and is now expanding worldwide.

If you get a text that says a package is waiting for you – or especially if you receive a text that appears to be about an expensive item, like an iPhone 13, just waiting to be picked up – be very, very suspicious. Do not download random software from links that appear in text messages, and especially do not activate unknown sources or unknown applications.



Please enter your comment!
Please enter your name here

Stay on Top - Get the daily news in your inbox

Trending this Week