Parcel delivery text messaging scammers trying new ways to snare Kiwis

CERT NZ, the Government's cybersecurity agency, has updated its warning regarding a text messaging scam infecting Android mobile phones in New Zealand amid new ways of infecting users.

The FluBot malware is being transmitted via a text message about a parcel delivery either pending or that has been missed, with a link to a fake delivery website included. 

However other new variants have appeared, with users instead being told a photo of them has been uploaded or being warned their device has already been infected with the FluBot malware.

In the latter, a big red warning page says the phone has detected the presence of FluBot and may convince users they've already been compromised.

"FlutBot is an Android spyware that aims to steal financial login and password data from your device. You must install an Android security update to remove FluBot," the page reads.

CERT NZ says anyone seeing the page should close it immediately and not click on the 'Install security update' button.

If the link is clicked, a prompt is then given to install the application. Instead, it installs the malicious app, which has the potential to cause significant financial loss, CERT said.

Apple iPhone users may also get the original parcel delivery text messages, but aren't impacted by the malicious app.

"The application attempts to steal your banking and credit card information as well your contact list, which it uploads to a server to continue spreading itself," CERT NZ said.

"Once a device has been infected with this malicious app it can result in significant financial loss."

The app spreads by automatically sending text messages from infected devices to contacts it has received from other infected devices. It then blocks the number so the recipient can't respond.

"Parcel delivery messages spreading the malicious app will come from New Zealand or other mobile numbers and contain a link to a parcel delivery website asking to install an application," the cybersecurity agency said.

"If you are expecting a delivery, it's best to track the delivery via the courier's website directly."

Because of the potential significant impact of the malicious app, immediate action needs to be taken.

CERT NZ is advising all those affected to factory reset their device as soon as possible, deleting all personal data.

"Do not restore from backups created after installing the app. Seek the services of a qualified IT professional if you require assistance."

People impacted also need to change the passwords to all online accounts, with online bank accounts a priority.

"If you have concerns that your accounts may have been accessed by unauthorised people, contact your bank immediately," CERT NZ said.

Messages can be reported to CERT NZ by forwarding for free to 7726. They should then be deleted.