Dangerous new text on Android phones lets hackers in – don’t tap it

HACKERS are targeting Android smartphones by sending texts to victims with phoney offers of free software.

According to cyber security experts, clicking the link grants the attackers access to your phone – and possibly your online banking credentials.

Android users are being warned of a dodgy text that takes over your device


Android users are being warned of a dodgy text that takes over your deviceCredit: SOPA Images/LightRocket via Gett

The campaign was unearthed by MalwareHunterTeam, a group of researchers who help consumers identify cyber-attacks.

They told tech website Bleeping Computer last week that the dodgy texts are a form of SMS phishing (smishing).

Phishing attacks lure victims to a website that appears to be operated by a trusted entity, such as a bank, social media platform or other service.

The website, however, is phoney with fake content designed to persuade a victim to enter sensitive information, like a password or email address.

According to MalwareHunterTeam, the latest campaign sends out SMS texts asking the recipient if they intended to upload a video from their device.

When the recipient clicks on the included link, they’re taken to a fake web page asking them to install a phoney Flash Player app.

Flash Player was a piece of software used to stream and view video that was killed off by developer Adobe in 2020.

Users who tap to download the fake Adobe app inadvertently install malware onto their device, researchers said.

It’s the latest iteration of a dangerous type of malware called “FluBot” that swept across the globe last year.

Hackers infect devices with FluBot by sending out thousands of SMS messages containing links to a malicious URL.

When a recipient taps the link, they’re encouraged to install a seemingly innocuous app onto their device.

The app, however, is FluBot in disguise. Once downloaded onto your phone, it harvests your contacts and begins sending them malicious links over SMS.

To lure people into tapping the URLs, texts are usually disguised as security updates, software, or parcel delivery notices.

Once in the device, FluBot can harvest your online banking credentials, take screenshots, and send or intercept SMS messages.

Because it uses the victim’s gadget to send smishing messages to their contacts, FluBot…