Flubot Scam Evolving

Written by Marketing



Since August 2021, many Australians have been getting scam text messages about missed calls, voicemails or deliveries. In the first month after this scam was first reported, Scamwatch received over 9500 reports of it.

The ACCC has contacted financial institutions with urgent information for members about the dangerous evolution of the Flubot scam, its anticipated impact, and its viral distribution to customers via SMS. The next phase of the ‘Flubot’ malware scam is likely to include attempts to imitate mobile banking apps and access consumers’ financial information.

Following Flubot’s emergence in Europe earlier this year, scammers have developed an HTML page overlay for banking apps in those countries. This means that if consumers download the malware, they also download all available overlays from the central Flubot server. These overlays are designed to be identical to the login screens of their banking apps. When they open their banking app, consumers see a page identical to the login screen they are used to and enter their account and personal details, which are then sent back to the Flubot control server and can be used to access consumers’ bank details from then on.

We are concerned that Australia-specific banking login pages are being prepared for all banks and will soon be uploaded to the central server and widely disseminated to infected devices. This will result in infected users having their banking credentials compromised and will likely cause significant financial losses. 

How this scam works and what to look out for

Scammers are frequently updating the Flubot text message format. We’ll update this page, but we recommend that you check the @Scamwatch_gov Twitter account for the most up-to-date warnings about these messages.

Here are some examples of what these texts currently look like. 

Clicking the link in these types of messages could lead to downloading malware to your phone. 

The application may be able to:

Installing the software is likely to give scammers access to your passwords and accounts. They may be able to use this information to steal your money or personal information.

It will also ask other infected Australian phones to send Flubot messages to the numbers it steals from your phone, continuing and expanding the scam.

Future iterations of this scam may use messages like:

How to protect yourself
