Devastating Flubot Malware Spreads From Europe to Australia
Author: Trend Micro
This article is from Trend Micro.
Thousands of Android users in Australia have recently been targeted by Flubot — a destructive malware that is spreading through scam text messages.
It was only back in April that Flubot was wreaking havoc across Europe. Originally spotted in Spain, it wasn’t long before the malware began spreading quickly throughout the UK, Germany, Hungary, Italy, and Poland.
Australians have been taking to social media in droves to express their frustrations at being bombarded by the scam messages:
What is Flubot and how does it work?
Flubot is a particularly devastating mobile malware. It targets Android users by sending them SMS messages that say they have a new voicemail message. Oftentimes, the messages appear to come from well-known delivery or telecommunications companies.
To listen to the voicemail message, the victim needs to click on the included link and download an app. If the scammers are impersonating a well-known company, the link will take the victim to a fake version of the company’s website, and the malicious app they’re prompted to download will appear to be from the company, too. Otherwise, as in the example below, the victim will be asked to download a fairly generic-looking voicemail app.
Regardless of which variant of the scam the victim is subjected to, if they install the app, their phone will become infected with the Flubot malware. If the victim grants the app the permissions it asks for, the malware will be free to access anything stored on the phone, including credit card and personal information. Flubot can also send and intercept SMS messages, open web browser pages, and trick people into entering additional personal information such as passwords.
Because Flubot is free to read any information stored on a victim’s phone, the scammers can access their contacts, gaining all the information they need to target many more people.
You need to protect yourself
For the victims of Flubot, the fallout could be immense. When scammers have access to all the personal information stored on your phone, they can use it to empty your bank account, log into all your online accounts, and even steal your identity.
The best defense is a good offense
To be sure you come out on top in the fight against Flubot you need two things – good mobile hygiene and an excellent mobile antivirus app. Here are some top tips:
- Keep your device’s operating system updated, use strong, unique passwords, and enable multi-factor authentication.
- In Settings on your Android device, disable “Install Unknown Apps”. This makes it so you can only install apps available from the Google Play Store, and not from unknown sources. If you do this, Flubot won’t be able to make it onto your device.
- Never open links in suspicious messages. Make sure you know who sent you the message before you click on anything.
- Be careful when granting apps broad permissions. You should only give apps access to the data they need to function, nothing more.
- Immensely strengthen your device’s security by using a mobile antivirus app. Trend Micro™ Mobile Security is guaranteed to stop Flubot dead in its tracks. The app detects and blocks Flubot — and other cybersecurity threats — before they can even be installed, ensuring complete protection.
Accidentally installed Flubot? Here’s what to do
To properly remove the malware-infected app, you need to uninstall it in safe mode. Here’s how to do it:
1. Press and hold the power button.
2. Tap and hold Power off.
3. When the Safe mode icon appears, tap it.
4. Find the Flubot app on your phone, tap and hold the app, and drag it to the trash can icon to uninstall it.
To turn off Safe mode:
1. Press and hold the power button.
2. Tap the Restart icon.
Once you’ve uninstalled the malicious app, run a scan using Trend Micro™ Mobile Security to be sure your device is 100% safe and secure.
Report a Scam!
Have you fallen for a hoax, bought a fake product? Report the site and warn others!
Scam Categories
Help & Info
Top Safety Picks
Your Go-To Tools for Online SafetyDisclaimer: Some of the links here are affiliate links. If you click them and make a purchase, we may earn a commission at no extra cost to you.
- ScamAdviser App - iOS : Your personal scam detector, on the go! Check website safety, report scams, and get instant alerts. Available on iOS
- ScamAdviser App - Android : Your personal scam detector, on the go! Check website safety, report scams, and get instant alerts. Available on Android.
- NordVPN : NordVPN keeps your connection private and secure whether you are at home, traveling, or streaming from another country. It protects your data, blocks unwanted ads and trackers, and helps you access your paid subscriptions anywhere. Try it Today!
- Incogni : Incogni automatically removes your personal data from data brokers that trade in personal information online, helping reduce scam and identity theft risks without the hassle of manual opt-outs. Reclaim your privacy now!
Popular Stories
As the influence of the internet rises, so does the prevalence of online scams. There are fraudsters making all kinds of claims to trap victims online - from fake investment opportunities to online stores - and the internet allows them to operate from any part of the world with anonymity. The ability to spot online scams is an important skill to have as the virtual world is increasingly becoming a part of every facet of our lives. The below tips will help you identify the signs which can indicate that a website could be a scam. Common Sense: Too Good To Be True When looking for goods online, a great deal can be very enticing. A Gucci bag or a new iPhone for half the price? Who wouldn’t want to grab such a deal? Scammers know this too and try to take advantage of the fact. If an online deal looks too good to be true, think twice and double-check things. The easiest way to do this is to simply check out the same product at competing websites (that you trust). If the difference in prices is huge, it might be better to double-check the rest of the website. Check Out the Social Media Links Social media is a core part of ecommerce businesses these days and consumers often expect online shops to have a social media presence. Scammers know this and often insert logos of social media sites on their websites. Scratching beneath the surface often reveals this fu
How do I recover my crypto after it’s stolen? What happens if your crypto wallet is compromised? Can stolen crypto be traced, and can police actually recover crypto in 2026? These are the questions most people ask within minutes of realizing their wallet has been drained. Crypto theft is fast, quiet, and unforgiving. By the time most victims notice something is wrong, the funds are already moving across the blockchain. Once seen as a problem for exchanges and whales, crypto theft now heavily affects everyday investors. Phishing links, fake support chats, wallet approval scams, SIM swaps, and malware attacks have become common. Knowing what recovery realistically looks like—and what it doesn’t—can prevent panic, bad decisions, and costly follow-up scams. In a Nutshell Crypto recovery is possible, but only in limited situations Blockchain transactions are irreversible, but stolen crypto can still be traced Speed and documentation matter more than optimism Police and exchanges play a bigger role than private recovery services Guaranteed recovery offers are almost always scams Is it Actually Possible to Recover Stolen Crypto? Yes, crypto recovery is possible, but only under specific conditions and rarely through direct action by the victim. Blockchain transactions are final by design. Once crypto is sent and confirmed, it cannot be reversed. There is no central authority, no chargeback process, and no technical “undo” button, even if the transaction was clearly fraudulent. This is where many people ask whether stolen crypto can be traced. In most cases, it can. Every transaction