"The shipment has been returned twice to the nearest center." This is the text that, together with an alphanumeric code and a link, various people have been receiving by message in the last few hours. We are once again facing the SMS scam that aims to infect Android devices with Flubot, a malware that, at the beginning of March, was estimated to have infected more than 60,000 mobile phones.
The hook used this time, impersonating DHL, as we can see once we access the link, is the same one the attackers used just two weeks ago while posing as MRW, another logistics company. Both text messages were also accompanied by an alphanumeric code that begins with "AMZ", which may suggest that it is a supposed Amazon shipment. We already know, however, that none of this is real.
Although the hooks in the text messages change, as do the logistics companies supposedly sending them, the mechanics are always the same: try to get potential victims to download a malicious application.
Attack campaigns that do not stop
For months we have repeatedly detected new waves of attacks that use the names of logistics companies as a decoy. The mechanics are always the same: we receive an SMS, together with a malicious link, that refers to a package that is in transit, that could not be delivered, that requires a small payment for its delivery, or similar.
If we follow the link, what we find is a website that impersonates DHL in this case, although it could be any other company, as we mentioned, and that invites us to download an application (something we should not do under any circumstances) in order to track this supposed shipment. That is the key.
The application, which we have to install outside of Google Play by disabling the system security measures that exist precisely to prevent applications of dubious origin from being installed, is actually dangerous malware: a malicious application that may be able to steal personal data and even empty your bank accounts, all without most victims noticing the problem at first.
Although our Android device and browser may warn us when we try to access one of these malicious websites and/or download the application's APK file, we must not lower our guard against this type of message, and we should never click on the links unless we are absolutely sure of what we are doing. This applies even if we receive these messages on an iPhone: since the application only works on Google's mobile operating system, on Apple devices the websites redirect us to other types of malicious portals.