Tens of thousands of Android smartphones in the Netherlands have been infected with malware that tries to steal money from bank accounts. The virus is being spread by text messages with information for tracking packages.
The message states that a package has been sent to you and that you can track it using an app. However, this app is not available in the Google app store. This means that you must install it manually, which results in your smartphone being infected with the malware.
Tens of thousands of Dutch Android users have recently installed these fake UPS and DHL apps, according to RTL Nieuws.
Stealing your money
The malware then tries to steal money from your bank account by secretly adjusting the amount and account number on existing transactions in your banking app. You think you’re transferring €50 to your friend but instead, you’re wiring thousands of euros to a foreign bank account. The malware also checks whether you have an app for cryptocurrencies and loots those accounts as well.
If the malware is on your phone, there is a strong chance that your bank account will be plundered, says cybersecurity expert Cengiz Han Sahin. The only way to know whether you’ve been affected is to check your bank balance.
Where did they get my phone number?
If an Android phone has been infected with the malware, it will collect all ‘06’ numbers from the contact list. These phone numbers will then also receive an SMS inviting them to track a package. This has allowed the virus to become very widespread.
Has my phone been infected?
If you don’t remember downloading a UPS or DHL app, you can check this in the settings of your phone. The malware blocks access to your list of apps, so if under “view all apps” in your settings the list is blocked, it is likely that your phone has been infected.
The only way to get rid of the malware is by resetting your smartphone to the factory settings. While this means that you may lose some data, such as photos and WhatsApp messages if you haven’t backed them up, the reset is necessary. According to Sahin, “it’s quite difficult to get the malware off your phone completely without the reset.”
The malware only infects Android phones. Whilst people with an iPhone can receive this text message, their device will not be at risk even if they download the app. For Android users, the only danger is actually downloading the app. Clicking the link in the text message will not put their phone at risk.
Crazy spelling errors
Many of the text messages are not written in correct Dutch and contain errors, such as “follow your package hore” instead of “follow your package here.” Despite this, tens of thousands of people have still fallen for the scam.
In a world where we are increasingly reliant on online ordering and using apps from delivery companies, it is understandable that this scam has been so far-reaching. However, Sahin cautions that “it is important that you always install such apps from Google’s app store, Google Play.”
Have you been affected by this virus? Tell us in the comments below!
Image: Abuzer van Leeuwen/SmartMockups
