Showing results for 
Show  only  | Search instead for 
Did you mean: 
100% helpful (1/1)
Community Manager
Community Manager

Malware 'FluBot' or Delivery Fraudulent Service SMS


What’s happening?

Many people in Europe have been targeted with a text message that looks like it’s from a trusted delivery service like DHL, Amazon, Asda, and Argos etc.
  • If you click and download the app on an Android phone, it’ll try to install the app.
  • If the app is installed, the malware contained in the app could intercept text messages or capture online banking details.

48 is aware that some customers have been targeted with a message that contains this malicious link – known as Flubot. We’re advising customers to be alert and careful about clicking on any links received via text message.

Advice to customers...

If you’ve received the message but have not clicked on the link:

Delete the message.

If you’ve received the message and have clicked the link but not downloaded the app:

Your phone won’t be infected with malware and you can delete the message.

What to do if I’ve received the message, clicked on the link and downloaded the app on a non-Android device?

Your device won’t have been affected and you can delete the message.


What to do if I’ve received the message, clicked on the link, and downloaded the app on an Android device:

Please be aware that your contacts, text messages, and online banking details may have been accessed by fraudsters. You’re advised to follow the steps below immediately:
  1. Activate Google Play Protect (GPP) within the Google Play Store app – you can find info on how to do that here. This might allow you identify and uninstall the malware app. If you’ve been successful, in most cases, you’ll get a notification saying the app was successfully removed.
    Note: A number of Huawei devices may not have access to Google Play Protect. If you have one of these devices, you can use Huawei’s own anti-virus tool.
  2. If the suspected malware app you downloaded remains on your phone, you can activate Android’s Safe Mode. Safe Mode temporarily blocks third-party apps from running and will let you uninstall the malware apps. You will need to follow the device manufacturer guidelines to activate Safe Mode.
  3. If the 2 steps above are unsuccessful, we strongly advise you to do a factory reset. If you don’t, then you could be at risk of having your personal data viewed by a fraudster. When you set up the phone after the factory reset, you may be asked if you want to restore from a backup. Please avoid restoring from any backups created after you download the malware app, as these will also be infected. If you don’t have backups enabled, then you’ll lose data like photos, downloads or contacts.
  4. For further protection:
    • If you use an online banking app, you need to contact your bank urgently. Tell them what’s happened and ask for further guidance.
    • Make sure you change any passwords stored on your device, in text messages, notes, or contacts.
    • Change any other app or online services passwords that you may have entered while the fraud app was installed.

To protect yourself from future scams like this, you should:

  1. Enable built-in or third-party antivirus tools
  2. Enable back-ups on your device so you don’t lose important information
  3. Avoid opening suspicious web links in messages
  4. Only install apps from the app store that your manufacturer recommends
  5. Avoid giving apps unnecessary permissions

For more information you can visit

Was this article helpful? Yes No
Version history
Last update:
‎17-09-2021 04:33 PM
Updated by: