
Have you received strange SMS messages or spam texts mentioning a ‘missed delivery’ or another unexpected service?

If you think your phone has got the Flubot, here’s what you can do

What is Flubot?

Flubot malware has started to appear in New Zealand after circulating around Europe and Australia for some time. It is like a computer virus that can be installed on an Android device if you click on a malicious link in an SMS message and install the malware app. It then sends many similar text messages to other people from your phone without your knowledge.


If your phone gets infected with the Flubot, you should urgently remove the malware and change all your passwords, for example by using another device that is not infected. Note that the Flubot infects Android phones only, not iPhones.


What will the Flubot do?

There is a range of things that can happen once you’ve downloaded the infected app. As well as sending out text messages to others, the Flubot malware can perform other harmful actions on your device, including:

Disabling the Google Play Protect mechanism

Reading, intercepting and sending text messages

Reading the list of contacts

Adding phone numbers to a device’s blacklist

Uninstalling applications

Blocking notifications

Stealing credit card information


What does a Flubot text look like?

There are a variety of text messages going around, but some look like:

Your package has £(ey£) a failed delivery attempt. amp

Your package has _ a failed delivery attempt. rue

Arriving early: The package will - be delivered [6] today. Track: | l

Arriving early: The package will be delivered | today. Track: wg

Arriving | early: The package will be {cm} delivered today. Track:

These scam texts continue to evolve, with reports of new messages asking you to check your voicemail or retrieve a photo album.

It's worth noting that most official service advisory texts come from a 3 or 4 digit shortcode. So if the text message comes from a sender that is not a shortcode, it might be the Flubot.
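The shortcode heuristic above, combined with the lure themes this advisory lists, can be written as a small triage filter for reported messages. This is an added example, not part of the original advisory; the function name, regular expressions, verdict labels and sample messages are assumptions constructed for illustration.

```python
import re

# Lure themes named in the advisory: missed delivery, voicemail, photo album.
LURE_PATTERNS = {
    "delivery": re.compile(r"\b(package|parcel|deliver(y|ed)|track)\b", re.I),
    "voicemail": re.compile(r"\bvoice\s?mail\b", re.I),
    "photo_album": re.compile(r"\b(photo|album)\b", re.I),
}
# A link is either an explicit scheme or a bare host/path such as example.test/x.
LINK_RE = re.compile(r"(https?://\S+|\b[a-z0-9-]+(\.[a-z0-9-]+)+/\S*)", re.I)
SHORTCODE_RE = re.compile(r"^\d{3,4}$")  # 3 or 4 digit sender, per the advisory


def triage_sms(sender: str, body: str) -> dict:
    """Return the indicators present in one message and a verdict."""
    shortcode = bool(SHORTCODE_RE.match(sender.strip()))
    has_link = bool(LINK_RE.search(body))
    lures = sorted(name for name, rx in LURE_PATTERNS.items() if rx.search(body))
    # Advisory heuristic: a service-style text carrying a link that does NOT
    # come from a shortcode sender deserves suspicion.
    if has_link and lures and not shortcode:
        verdict = "suspicious"
    elif has_link and not shortcode:
        verdict = "review"  # link from a normal number, no known lure wording
    else:
        verdict = "not_flagged"
    return {"shortcode": shortcode, "has_link": has_link,
            "lures": lures, "verdict": verdict}


# Constructed sample messages (not real traffic); numbers and hosts are made up.
SAMPLES = [
    ("+64210000000", "Your package has a failed delivery attempt. Track: http://example.test/p/?x1"),
    ("3456", "Your parcel will be delivered today between 1pm and 3pm."),
    ("+64220000000", "You have 1 new voicemail: example.test/v/abc"),
    ("+64270000000", "Running late, see you at 6"),
    ("+64280000000", "Check this out https://example.test/a"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, triage_sms(sender, body)["verdict"])
```

A "not_flagged" result only means the message did not match this heuristic; the lure wording changes over time, so the patterns need updating as new variants are reported.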


How can my phone/device get infected?
If you click on a suspicious link contained in one of these scam messages, you will be taken to a web page where you’ll be asked to install an app. If you install this app, then the Flubot malware will be loaded on your phone.

Will I know if my phone/device has been infected?
If your Android device is infected with Flubot, you will not know if your personal data is being accessed, and you will not be able to see your handset sending SMS messages to spam others. Some customers have told us they are receiving text messages or telephone calls from people complaining about messages sent to them, but they did not send any messages. If you’re not sure, you can perform a Google Play Protect scan via the steps listed below.

What is an Android device?
An Android phone is not an iPhone. It is a smartphone that runs on the Android operating system (OS) developed by Google. Android is used by a variety of mobile phone manufacturers including Samsung and OPPO.

What can I do if my phone has been infected?
You can report scam calls and messages to the Department of Internal Affairs (DIA) by forwarding the SMS to 7726. They are coordinating the response to this attack across all mobile providers.

If you think your phone has got the Flubot, CERT NZ provides the following advice:

1. Report to CERT NZ via

2. Forward the text to 7726.

3. Change all passwords, especially banking passwords.

4. Factory reset your phone or restore from a back-up made prior to receiving the text.

5. Call your bank to see if there’s any suspicious activity.

If you’ve clicked the link and downloaded the app you will most likely need to do all five steps.

I've clicked on a link but didn’t download an app, what do I do?
If you clicked the link but didn’t download anything, follow steps 1-3 above.

If you didn’t click the link, just complete steps 1-2.

How do I do a 'factory reset'?
Device manufacturers provide guidance and steps for individual phones as this can differ between models and brands. Here is information for Samsung Galaxy and OPPO phones, for example.

What can I do if I'm using an iPhone and am getting lots of spam texts?
As noted above, the Flubot only infects Android phones, so if you’re on an iPhone the best thing you can do is to ignore and delete any texts (even if they’re annoying!). You can also report any unwanted scam messages to CERT NZ and the DIA.

How do I protect my phone in the future?

Never open links that seem suspicious: If you receive an unusual text message, check it carefully. Do not click on the link unless you’re certain it belongs to someone you trust and the URL looks legitimate. You should only ever install applications to your phone from the official app store.

Don’t grant apps broad permissions, and only let apps access what they need to function: Avoid any apps that ask for more data than necessary. As with the Flubot, broad permissions can allow malware to perform unwanted tasks and spread further.

Keep Google Play Protect switched ON in your settings (Android version 8 or later): Google Play Protect helps you keep your device safe and secure. Google Play Protect is on by default, and we recommend keeping it activated. If you have turned this security feature off, or you’re not sure, here is more information outlining how you can check and turn it back on.

If you are on an Android device, within the Security menu disable “Unknown sources” or “Install Unknown Apps”: A lot of malicious apps can come to your phone from outside of the official Google Play store, such as from unknown sources. While it might be tempting to install the occasional app that you can’t find in the official app store, we do not recommend doing this. If you’re willing to take the risk and trust the source, make sure to disable the feature again afterwards to reduce any ongoing security risk.

Also within the Security menu do not install suspicious apps from the “Install unknown apps” section.

For more information, please visit the CERT NZ website:
