What Is FluBot and How to Remove It

Chances are you or someone who know has received a text message that looks similar to the message to the right. This is an example of the wave of scam texts Irish mobile phone users have been received over recent days, with an aim to infect the users phone with FluBot malware.

In a statement today, the National Cyber Security Centre (NCSC) said it had received reports of the spyware software called FluBot.

The scammers send a text message containing a link for the victim to click on to access details on a missed or upcoming package delivery. The link will direct to a malicious website that looks similar to a legitimate delivery company’s site.

The victim will then be asked to download one or multiple files, which contain malicious code. They will then be prompted to manually override and allow an untrusted app to download onto their phone – this is where the malware will install itself and start to bury itself deeper in to your device.

The NCSC advised that the issue is currently only affecting Android phones and Apple devices are not affected. All major phone operators have issued a warning to customers via social media over recent days.

To address this issue, XDA Recognised Developer linuxct has created an open-source app called malninstall, which can help you uninstall the malware from your phone If you do end up getting infected by FluBot, you can download the latest version of malninstall from GitHub here.

Instructions as noted on https://github.com/linuxct/malninstall

This tool relies on setting itself as your default application launcher in a temporary way.
It was discovered that whenever FluBot detects that the user is attempting to uninstall the malware, it will always go to the home page, thus having a controlled application as your launcher allows the user to tap on the OK button of the uninstall prompt without any issues.

This has been tested on several devices, including Sony Xperia XZ Premium, OnePlus 8, and more.

Follow the steps below in order to use it.

1. Download the latest version from here.
2. Install the application on the infected device.
3. (Optional, but recommended) Disconnect the Wi-Fi and Mobile data connection on the device.
4. Follow the in-screen steps to set up the tool as the default launcher. Depending on the device manufacturer, this step may have to be done manually by accessing the system settings.
5. Uninstall the malware. If prompted to choose the default launcher again, you must tap on “Always”. Then, you will be able to hit “OK” on the uninstall prompt.
6. Undo the default launcher choice by following the in-screen steps.
7. You may now uninstall the tool.

You can see how usage of the tool looks in the video below.

Follow on steps I would recommend is to change the password for any service/app you have installed on your phone, including online banking, and most importantly be more aware of clicking any links you receive in a text, email etc. on your phone (and other devices!), even if it looks like it’s coming from someone you know, as their device could also be infected.