New ‘Flubot’ malware steals user passwords: Here how to remove it
Despite Google’s protections, dangerous apps occasionally manage to slip through and infect users devices, like the Flubot malware that steals users passwords.
The Google Play Store is the safest way for users running Google’s Android operating system to install apps and games, thanks in part to the company’s anti-malware protections that scan apps uploaded to the store. The company also offers Google Play Protect, a tool to scan for malware, including apps installed outside the Play Store.
However, despite Google’s protections, dangerous apps occasionally manage to slip through and infect users devices, like the new Flubot malware that steals users passwords by reportedly masquerading as popular apps. The appearance of the virus was reported by the BBC after Vodafone UK, Three and EE alerted their users towards its existence.
⚠️SCAM TEXT ALERT ⚠️— Vodafone UK (@VodafoneUK) April 22, 2021
If you receive a text message that looks like the one below:
IGNORE: Do not click any links.
REPORT: Report it by forwarding to 7726.
DELETE: Remove the text from your phone. pic.twitter.com/ailKcmXYh4
The text message scam spreads via SMS and relies on social engineering, disguised as a message from a package delivery company and asking users to install an app to track their delivery. Since the app isn’t available on the Google Play Store, the linked APK (package installer) file must be downloaded and installed manually, something that the average should avoid if they do not understand the security implications or trust the source of the application.
According to the UK’s National Cyber Security Centre (NCSC), users who are infected by the malware must take appropriate steps to protect their data. While it is still unclear how the malware is able to easily extract user information including passwords and credentials, it does raise the question of how Google Play Protect doesn’t flag the malware and prompt users to uninstall the app.
While users who are affected by the malware must not log into any new accounts to prevent any more of their data from being harvested, the NCSC says they must quickly reset their devices as soon as possible — as the malware cannot survive a full data wipe. They should also ideally change the passwords on any accounts that they may have installed after installing the Flubot virus, according to the NCSC.