www.belgium.be Logo of the federal government

THE BIPST AND BELGIAN CYBERSECURITY CENTER SOUND THE ALARM AGAIN ABOUT A TSUNAMI OF SMISHING MESSAGES AFTER FAKE TEXT MESSAGES

News

Since last week, mobile operators have blocked more than 2 million text messages per day. Indeed, the dangerous Flubot virus is on the rise again. This virus can take full control of a mobile phone and send text messages in the name of the victim to all the contacts stored in the phonebook of the device as well as to other mobile phone numbers. More than 2,000 infected mobile phones have already been blocked by mobile operators in the last few days due to abnormally high text messaging traffic.

"The suspicious text messages appear to be from a parcel service. If you click on the link in the text message, you will be asked to download an application. Don't do this. You will install a virus on your device that can access your personal data such as passwords, credit card information and your entire contact list," says Katrien Eggers, a spokesperson for the CCB.

The text messages are sent from the mobile phones of customers infected with the mobile malware Flubot (the name of the virus that spreads via text messages). It is difficult to determine the exact origin of the text messages, because once infected, it is the client's mobile phone that becomes the transmission vector to other users. In other words, these text messages come from legitimate customers of telecom operators.

Urgent warning

Jack Hamande, BIPST Board Member: "When operators find that a customer has been infected, for example based on abnormal text message traffic, they temporarily block that customer and explain them why they have been blocked and provide instructions on how to remove the malware. It is therefore up to the customer to remove the mobile malware from their device. It is important for customers to do this. This is because the malware also sends international messages and can therefore potentially result in high bills."

Operators will temporarily block the numbers of infected customers. The customer can then still call and receive text messages, but can no longer send them. After a certain period of time, or after the customer has confirmed that they have removed the malware, they can send messages again. If new suspicious text messaging traffic is detected, the customer will be temporarily blocked again.

Since last week, mobile operators have blocked more than 2 million text messages per day. More than 2,000 infected mobile phones have already been blocked by mobile operators in the last few days due to abnormally high text messaging traffic.

This is why BIPST and CCB are making an urgent appeal to cell phone users:

1. Always be alert when you receive an unexpected message

2. Do not click on links in a text message!

3. Never install applications via a link sent in a text message

Only install applications from a standard application store (Google Play, App Store). If, during the installation of an application, you get a message that prevents the installation or warns you about security problems, do not continue.

 Anyone who has installed Flubot on a mobile phone should immediately remove the virus. How?

 Method 1: Restore your device to factory settings

 Method 2: Restart your device in "safe mode" and remove the fake application

After removing the virus, change all the passwords of the accounts you have access to from your smartphone. As a text message may have been sent on behalf of the victim to all their contacts, they should also be notified as soon as possible.

In addition, victims will not always notice immediately that a very large number of text messages have been sent. However, it will be possible to see large numbers of text messages on your phone bill. In that case, the victim must contact his operator. The only way to prevent your phone number from being misused is by deleting the application.

You can send screenshots of the fraudulent messages to suspicious@safeonweb.be