Even though Google is absolutely trying its best to keep the billions (with a "b") of active Android devices around the world protected against the many dangers mobile users can face nowadays navigating a wide sea of online temptation, there are certain things the search giant simply has no power over.
Do NOT install apps from untrusted sources
While it is unfortunately true that your phone can
get infected from Google's official Play Store
and other typically reliable digital distribution services for Android apps, the chances of something like that happening will skyrocket when downloading stuff from shady-looking places.
Although it's not always easy to distinguish between a legit-looking place of e-business and a sketchy app store, developer, or website, a good rule of thumb is to never download APK (Android Package) files if you don't know exactly where these are coming from.
The real DHL will never ask you to do this
That's precisely what "FluBot" wants you to do, disguising a very dangerous type of malware as an innocent-looking alert from an international delivery service like DHL
. Keep in mind that these kinds of viruses often get more sophisticated with time, changing their (fake) identity to try to trick more and more users into giving up control over their most personal and sensitive information.
Otherwise put, you shouldn't trust text messages purportedly coming from any delivery company that asks you to download something from outside the Play Store in order to track a (real or fictitious) package.
Ignore this simple advice at your own peril, as all your online accounts could be hacked and your passwords compromised in one fell swoop. That's how vicious this latest threat to your cybersecurity can get, and even worse, your FluBot-infected device could then further spread the malware to all your contacts, family, and friends.
What to do if your phone is already compromised
The first thing you'll need to do is not enter any more passwords or log into any personal accounts as soon as you realize you've been duped. Secondly, we're afraid you'll have to factory reset your potentially hacked Android phone to get rid of this nasty virus, which means you may also lose some precious data in the process.
On the bright side, you can obviously restore any and all previously backed up data... as long as you're certain said backup was created prior to the time of the FluBot installation. Everything else must unfortunately go so you can be sure the danger goes away as well.
Of course, even after that happens, any and all passwords that might have been compromised during the attack need to be changed immediately, preferably with powerful and unique alternatives you can safely store using services such as LastPass
In case you're wondering, iPhone users don't appear to have been targeted by this particular threat for fairly obvious reasons, although in theory, the spyware could always expand its scope and tweak its M.O. to attempt to steal your data directly from an infected website rather than an installed app. So, yeah, you might want to be careful about opening any links sent to any mobile device.