FluBot Malware
A powerful Android banking trojan that spread via smishing, hijacked contacts to self-propagate, and stole banking credentials and payment card data.
Also known as: FluBot SMS trojan, FluBot banker, FluBot Android malware
Last reviewed: 10 June 2026
FluBot was a sophisticated Android malware strain that operated from 2020 to 2022, when an international law-enforcement takedown disrupted its infrastructure. It spread primarily via smishing: victims received text messages about missed parcels or voicemails with a link to a fake delivery-tracking app or voicemail player. Installing the app granted FluBot extensive device permissions, allowing it to overlay fake login screens on top of real banking apps to harvest credentials, access and forward all SMS messages (including one-time codes), read the contacts list to send further smishing messages to all the victim's contacts, and capture credit-card details via payment overlays.
FluBot's self-propagation through contact lists made it extremely difficult to contain. Victims would receive apparently legitimate texts from friends' or family members' numbers, raising their trust in the link. At its peak, FluBot was sending tens of millions of smishing messages per day across Europe and Australia.
FluBot was neutralised, but it still serves as a template for similar campaigns. Consumers should never install apps from links in text messages and should use only official app stores. Anyone who receives an unsolicited link about a parcel they were not expecting should go to the carrier's official website directly rather than following the link.
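The capabilities listed above (overlays, SMS access, SMS sending, contact access) each depend on entries in an app's manifest, so a defender can triage a sideloaded APK by checking for the full combination. The following is an added example, not part of the original page and not a published FluBot signature; it assumes a manifest already decoded to text XML, and the capability-to-permission mapping, package names and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Capability named on this page -> manifest entries that can enable it.
# This mapping is the example's assumption, not a published FluBot signature.
CAPABILITIES = {
    "overlay on other apps": {P + "SYSTEM_ALERT_WINDOW", P + "BIND_ACCESSIBILITY_SERVICE"},
    "read incoming SMS": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "send SMS": {P + "SEND_SMS"},
    "read contacts": {P + "READ_CONTACTS"},
}

def requested_entries(manifest_xml):
    """Collect permissions requested by the app or bound by its services."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        found.update(el.get(ANDROID + "name") for el in root.iter(tag))
    # A service declares the permission it binds with in android:permission.
    found.update(el.get(ANDROID + "permission") for el in root.iter("service"))
    found.discard(None)
    return root.get("package"), found

def audit(manifest_xml):
    """Flag a manifest that covers every capability in CAPABILITIES."""
    package, entries = requested_entries(manifest_xml)
    hits = sorted(c for c, perms in CAPABILITIES.items() if perms & entries)
    return {"package": package, "capabilities": hits,
            "flag": len(hits) == len(CAPABILITIES)}

# Constructed sample manifests (not taken from any real app).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.parceltracker">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application><service android:name=".Helper"
      android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/></application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(audit(sample))
```

A flag here is a triage signal only: legitimate messaging apps also request SMS and contact access, so the result should be weighed against what the app claims to do.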