Have you received strange SMS messages or spam texts mentioning a ‘missed delivery’ or another unexpected service?

If you think your phone has got the Flubot, here’s what you can do

We’ve seen an unusually high volume of scam texts recently, which is impacting all mobile networks in New Zealand. There’s malware going around called Flubot that spreads via SMS and can infect Android phones.

If you’ve received any strange text/SMS messages, such as mentioning a missed delivery or that someone has uploaded photos of you, this might be the first step to your phone being infected by the Flubot. We are working rapidly to protect customers including blocking URLs that are included within these text messages, but you can take steps to protect yourself or respond if your phone has been infected. Please also take care to help impacted friends and whānau.

Always remember: if you receive an unusual text message, do not click on the link unless you’re certain it belongs to someone you trust and the URL looks legitimate. Phone users should only ever install applications from the official app store.

What is Flubot?

Flubot malware has started to appear in New Zealand after circulating around Europe and Australia for some time. This is like a computer virus that can be installed on an Android device if you click on a malicious link in a SMS message, to install the malware app, it then sends many similar text messages to other people from your phone without your knowledge.

If your phone gets infected with the Flubot, you should urgently remove the malware and change all your passwords, such as by using another device that is not infected. Note the Flubot infects Android phones only, not iPhones.

What will the Flubot do?

There are a range of things that can happen once you’ve downloaded the infected app. As well as send out text messages to others, the Flubot malware then possesses the ability to perform other harmful actions on your device, including:

  • Disabling the Google Play Protect mechanism
  • Reading, intercepting and sending text messages
  • Reading the list of contacts
  • Adding phone numbers to a device’s blacklist
  • Uninstalling applications
  • Blocking notifications
  • Stealing credit card information

What does a Flubot text look like?

There are a variety of text messages going around, but some look like:

These scam texts continue to evolve, with reports of new messages asking you to check your voicemail or retrieve a photo album.

It's worth noting that most official service advisory texts come from a 3 or 4 digit shortcode. So if the text message comes from a sender that is not a shortcode, it might be the Flubot.

How can my phone/device get infected?
If you click on a suspicious link contained in one of these scam messages, you will be taken to a web page where you’ll be asked to install an app. If you install this app, then the Flubot malware will be loaded on your phone.

Will I know if my phone/device has been infected?
If your Android device is infected with Flubot, you will not know if your personal data is being accessed, and you will not be able to see your handset sending SMS messages to spam others. Some customers have told us they are receiving text messages or telephone calls from people complaining about messages sent to them, but they did not send any messages. If you’re not sure, you can perform a Google Play Protect scan via the steps listed below.

What is an Android device?
An Android phone is not an iPhone. It is a smartphone that runs on the Android operating system (OS) developed by Google. Android is used by a variety of mobile phone manufacturers including Samsung and OPPO.

What can I do if my phone has been infected?
You can report scam calls and messages to the Department of Internal Affairs (DIA) by forwarding the SMS to 7726. They are coordinating the response to this attack across all mobile providers.

If you think your phone has got the Flubot, CERT NZ provides the following advice:

  1. Report to CERT NZ via www.cert.govt.nz.
  2. Forward the text to 7726.
  3. Change all passwords, especially banking passwords.
  4. Factory reset your phone or restore from a back-up made prior to receiving the text.
  5. Call your bank to see if there’s any suspicious activity.

If you’ve clicked the link and downloaded the app you will most likely need to do all five steps.

I've clicked on a link but didn’t download an app, what do I do?
If you clicked the link but didn’t download anything, follow steps 1-3 above.

If you didn’t click the link, just complete steps 1-2.

How do I do a 'factory reset'?
Device manufacturers provide guidance and steps for individual phones as this can differ between models and brands. Here is information for Samsung Galaxy and OPPO phones, for example.

What can I do if I'm using an iPhone and am getting lots of spam texts?
As noted above, the Flubot only infects Android phones, so if you’re on an iPhone the best thing you can do is to ignore and delete any texts (even if they’re annoying!). You can also report any unwanted scam messages to CERT NZ and the DIA.

How do I protect my phone in the future?

  • Never open links that seem suspicious: If you receive an unusual text message, check it carefully. Do not click on the link unless you’re certain it belongs to someone you trust and the URL looks legitimate. You should only ever install applications to your phone from the official app store.
  • Don’t grant apps broad permissions, and only let apps access what they need to function: Avoid any apps that ask for more data than necessary. Such as with the Flubot, broad permissions can lead to the malware being able to perform unwanted tasks and spread further.
  • Keep Google Play Protect switched ON in your settings (Android version 8 or later): Google Play Protect helps you keep your device safe and secure. Google Play Protect is on by default, and we recommend keeping it activated. If you have turned this security feature off, or you’re not sure, here is more information outlining how you can check and turn it back on.
  • If you are on an Android device, within the Security menu disable “Unknown sources “ or “Install Unknown Apps”: A lot of malicious apps can come to your phone from outside of the official Google Play store, such as from unknown sources. While it might be tempting to install the occasional app that you can’t find in the official app store. We do not recommend doing this, but if you’re willing to take the risk and trust the source, then make sure to disable the feature again afterwards to reduce any ongoing security risk.
  • Also within the Security menu do not install suspicious apps from the “Install unknown apps” section.

For more information, please visit the CERT NZ website: https://www.cert.govt.nz/individuals/alerts/parcel-delivery-sms-infecting-android-phones/.

Please report any scam texts to the Department of Internal Affairs (DIA) by forwarding the SMS to 7726.

Latest News

Network Status

Mobile ›
Excellent Very Good Good Fair Low No Connection
Landline & Broadband ›
Excellent Very Good Good Fair Low No Connection

Internet Explorer Not Supported

Please note that we do not support Internet Explorer. For optimal browsing we recommend Chrome, Safari, or Firefox.