Fake DHL Tracking App Android Malware Scam
Criminals distribute a fake DHL tracking app through phishing SMS links. The app mimics the real DHL app but secretly steals login credentials, intercepts SMS two-factor codes, and can capture banking details from overlay attacks on financial apps.
Part of: Fake App Downloads
Last reviewed: 8 June 2026
The official DHL app lets customers track parcels, manage deliveries, and access their DHL account. Scammers create near-perfect replicas and spread them through SMS campaigns that tell recipients they need to install the app to receive or reschedule an imminent delivery.
Once installed, the fake app establishes a persistent background service. It reads incoming SMS messages to intercept authentication codes for banking apps and email accounts. It may also use Android's accessibility features to overlay fake login screens on top of legitimate banking apps, capturing credentials whenever the victim opens their bank.
The real DHL app is available on the Apple App Store and Google Play under DHL Express. DHL never sends download links by SMS, and the real app does not require device-administrator permissions or broad SMS access to function.
How this scam works on the DHL brand
An SMS arrives: DHL — We attempted delivery. Install the DHL app to confirm a delivery window for your parcel — and provides an APK link. The app's icon and launch screen are identical to the official DHL app. After installation it asks for accessibility-service permissions, SMS access, and device-administrator rights.
With these permissions it can intercept bank two-factor codes, read contact lists, and overlay fake login screens on financial apps. The attacker receives harvested credentials in real time via a command-and-control server.
Some variants of the fake DHL app are particularly aggressive: they prevent uninstallation by abusing device-administrator rights, requiring the victim to revoke administrator access in device settings before the app can be removed.
Common red flags
- SMS provides a link to download the DHL app — the real DHL app is on the official app stores only
- Download requires enabling unknown sources on Android
- The installed app requests accessibility-service, device-administrator, or SMS permissions
- The app developer on the store listing is not DHL Express
- App cannot be uninstalled through normal means — it has device-administrator rights
- You notice unfamiliar banking login attempts after installing the app
- Your two-factor authentication codes are being intercepted and banking sessions are opened without your knowledge
How to protect yourself
- Download the DHL app only from Google Play or the Apple App Store — search DHL Express and verify the developer
- Never enable install from unknown sources for a link received by SMS
- Deny accessibility-service and device-administrator permissions to any app that does not clearly need them
- If you installed a suspicious app, revoke device-administrator rights in Settings, then uninstall it
- Run a mobile security scan after removal to check for residual components
- Change passwords for banking, email, and any other account accessed since the app was installed
- Contact your bank if you notice suspicious login activity
How to report it
- Report to DHL at [email protected]
- Forward the smishing text to 7726
- Report to the FTC at reportfraud.ftc.gov (US) or Action Fraud at actionfraud.police.uk (UK)
- Report the malicious APK to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_badware/
- File at ic3.gov if financial loss occurred
Frequently asked questions
How do I remove a fake DHL app that has device-administrator rights?
Go to Settings, then Security or Biometrics and Security, then Device Admin Apps. Find the malicious app and revoke its administrator rights. You can then uninstall it normally through Settings > Apps. Run a security scan afterwards to check for residual components.
Why does the fake app need accessibility-service permissions?
Accessibility services allow an app to read and interact with other apps on the screen. Malicious apps abuse this to overlay fake login screens on top of banking apps and capture the credentials you type, even though you appear to be logging into your real bank app.
Can iOS users be affected by the fake DHL APK?
Standard APK files only run on Android. However, iOS-targeted fake DHL apps do exist — distributed through fake App Store listings or malicious TestFlight links. The principles of defence are the same: only install apps from the official App Store, verify the developer name, and reject unnecessary permission requests.