It seems that a new SMS attack has been plaguing Android users devices. It was first seen in Spain when local media reported some complaints. The attack is clearly a spear phishing effort that has already found several victims.

FluBot is transmitted mainly through weblinks shared via SMS. These SMSes have persuasive texts that entice the user into clicking on the link, which usually points to a hacked website where the FluBot installation package is hosted. The installer for the malware is hidden within other genuine-looking APKs.

FluBot lays low on a user’s smartphone in the form of fake applications. Some of the names used by the attackers for these fake apps include “FedEx,” “DHL,” “Correos,” and “Chrome.” The malware also replaces a user’s default SMS app to intercept all banking-related one-time passwords (OTPs) or access keys received via SMS. Additionally, by transmitting a user’s contact list to its server, the malware sends similar SMSes to other people in the contacts to woo them like the original victim.

Common sense suggests everyone should avoid links sent by SMS as they are being used widely now for spam campaigns. It is not yet known if the robocallers are stepping up their game or whether this is a new fraud campaign.