Consumer | Cyber Security |

Getting strange ‘missed call’ SMS messages? Here’s how to avoid the Flubot

By Clive Reeves August 12, 2021

If you’ve been receiving some strange, garbled SMS messages mentioning a missed call or voicemail recently, you’re not alone. The messages are generated by malware called Flubot, which spreads via SMS and can infect insecure Android phones.

What is Flubot?

FluBot is malware – like a computer virus – that can be installed on your Android device if you click on a malicious link in a SMS message. This malware then sends many similar text messages to other people from your phone without your knowledge, potentially infecting them. Telstra has identified a number of handsets recently which we believe are potentially infected.

If installed, the malware has wide access and can harvest your contact list to further spread, as well as accessing your personal information and banking details if you used it while infected. If infected, you should urgently remove the malware and change all your passwords, using another device that is not infected.

The Flubot malware has started to appear in Australia after circulating around Europe for some time. We’ve documented this on our Recent Scams page, but it’s worth educating yourself to stay safe. Read on to find out more.

How do phones get infected?

You may receive an SMS from another mobile telephone number with a message like

“a1bcd2 Voicemail: You have 1 new Voicemail(s). Go to [link]”

If you click on the link, you will be taken to a web page displaying a trusted brand (like Telstra) and prompted to install an app, for example to listen to the voicemail message. If you give permission to install, then the Flubot malware will be loaded on your handset.

Flubot is a sophisticated piece of malware because it spreads by sending SMS messages to random mobile numbers, as well as mobile numbers scraped from a compromised Android device’s contact list. Each time it does this it creates a new, unique link, making it difficult to block at a network level. These messages are also being sent from infected devices all across the world that have fallen victim to the malware.

To have your mobile phone compromised by the Flubot malware, you would have to click on the link and visit the malicious website in the SMS you receive. It will only affect Android phones that have previously enabled the ‘side-loading’ of applications onto the device (which means the device is configured to permit the installation of software from less trustworthy locations than the Google Play Store) – so unless you’ve done this, you can rest easy.

How can I tell if I’m infected?

If your device is infected with Flubot, you will not know if your personal data is being accessed, and you will not be able to see your handset sending SMSes to infect others. The following are warning signs:

  • In your apps is a new app called “Voicemail” with a blue cassette in a yellow envelope. If you try to uninstall you receive an error message “You can not perform this action on a system service.”
  • You receive text messages or telephone calls from people complaining about messages you sent them but you did not know about the messages.
  • Telstra may detect you sending very high volumes of messages and send you an SMS, saying: “Your phone is sending many SMS and may be infected with malware/virus. Please remove the malware app or we may suspend your ability to send SMS. Search FLUBOT on Telstra website or call us for help.”

What can I do?

Importantly, just because you’ve received this message does not mean that your phone is already affected. If you’ve just received one of these messages, do not open the link and you’ll remain protected.

If you have clicked on the link and downloaded the software, chances are your device is now infected.

Most popular anti-virus applications for Android phones will detect Flubot to prevent infection, as well as clean up a currently infected device. Some information on how to remove Flubot from an Android device is available from security researchers at ESET, F-Secure, and our own CrowdSupport help page.

However, the instructions can be very technical. If this sounds too techy for you, you can also do a factory reset on your phone, which erases the malware.

Remember, performing a “restore” of any recent backup may restore the malware if a backup was done while the malware was installed, so, it’s important that after a reset, you not do this, use an back up that is dated earlier.

After you’ve removed the malware/virus from your phone, we recommend changing your passwords as a precaution. Do not change your passwords before removing the malware.

We’re working with the security community to address this scam. For now, as always, our advice is to be especially cautious of phone calls, messages and emails from an unfamiliar source, and not to click on links that you don’t trust. If you think your Telstra account has been compromised, get in touch with us.

You can report a scam to Telstra using our website, or call us on 13 22 00. If you want to learn more, we also have more cyber safety advice on our website.

Consumer | Cyber Security | Small Business |

Security notification: KRACK

By Berin Lautenbach October 17, 2017

At Telstra we take protecting the privacy and security of our customers and network seriously which is why we’re letting our customers know about a new security vulnerability that we have been made aware of, that could compromise users of modern protected WiFi networks.

The vulnerability, uncovered by university researchers, is named KRACK and it reduces the level of security encryption on a WiFi network. It has the potential to impact enterprise products and consumer devices which connect to WiFi such as mobile phones.
KRACK could be used by someone with ill intent to monitor WiFi surfing sessions and steal a user’s sensitive information or direct the user to phishing and malware pages.
While KRACK is notable, the WiFi Alliance has indicated that there is no evidence that the vulnerability has been exploited maliciously. Furthermore, many security experts agree that there is a reduced likelihood that criminals will exploit it as KRACK requires attackers to be physically located in the same spot as the WiFi network they wish to target. Moreover, many criminals would likely opt for traditional simple attacks like phishing which are effective, scalable, and allow targeting of victims from across the world. This has not been tested by Telstra.
Whilst this may be the case, we still recommend you take steps to protect yourself and your devices.

Help protect yourself now

To help protect yourself against KRACK, we recommend all customers exercise good WiFi security practices. While there is currently no guaranteed defence against KRACK, these measures will reduce your exposure and should be used when connected to any public WiFi.
1. Avoid conducting sensitive transactions like internet banking on public WiFi. Use your mobile data instead.
2. When using WiFi networks check that the sites you visit use HTTPS. Depending on your web browser, you can tell HTTPS is in use by looking to the left of the website address bar for the prefix HTTPS (as opposed to HTTP), a closed lock, or the words ‘Secure’.
3. Avoid open, password-free public WiFi networks such as those at airports. We recommend using the Telstra Air app when connecting to Telstra Air as the app helps protect you from accidentally connecting to a hotspot that is pretending to be part of the Telstra Air Network to unlawfully access your information.
WiFi users should be mindful of web browser warnings such as “your connection is not private” in Google Chrome, “this site is not secure” in Internet Explorer, and “your connection is not secure” in Mozilla Firefox. These warnings may indicate an attacker is attempting an attack which could send users to phishing or malware pages.

Patching: proper protection long-term

Proper protection against KRACK requires technology companies to issue patches in order to safeguard users of their products from this attack.
Microsoft has already issued patches for Windows 8 and Windows 10, and if you use this operating system you should apply the latest updates. Google is creating a patch for its Android operating system. Apple has already developed a patch that it says will be deployed to supported devices soon.

What we’re doing

Telstra is working rapidly with our modem suppliers to determine if any devices are vulnerable. If we determine there is an issue with a specific modem or Wi-Fi device then this can be resolved through software updates; Telstra will first determine which devices could be affected and then where possible update the device remotely to fix the security vulnerability.