Lessons in Prevention and Cure: A User Study of Recovery from Flubot Smartphone Malware

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

16 Downloads (Pure)


The smishing-based malware Flubot was taken down in mid-2022, yet there is little understanding of how it directly impacted smartphone users. We engage with customers of a partner Internet Service Provider (ISP), who have suffered a Flubot infection on their smartphones. We surveyed 87 ISP customers who had been notified of a Flubot infection, in the months around and preceding the take-down of Flubot. We found that slightly over half of respondents were unaware of the malware infection before being notified, though many others had suspicions. We also observe that just over half of respondents experienced non-technical harms from the malware, with many experiencing harms before notification and several experiencing unwanted or aggressive activity from users of other infected devices. Many respondents reported not having removed the malware, while some discarded the infected device or stopped using online services in their efforts to be more secure afterwards. We offer recommendations, including that clearer guidance be sought to help users identify a malware infection (and not a focus only on prevention), and support provided for recovery from personal harms caused by mobile malware, as the impacts are not only technical.
Original languageEnglish
Title of host publicationProceedings - EuroUSEC 2023
Subtitle of host publication2023 European Symposium on Usable Security
PublisherAssociation for Computing Machinery (ACM)
Number of pages17
ISBN (Electronic)9798400708145
Publication statusPublished - 2023
Event2023 European Symposium on Usable Security, EuroUSEC 2023 - Copenhagen, Denmark
Duration: 16 Oct 202317 Oct 2023

Publication series

NameACM International Conference Proceeding Series


Conference2023 European Symposium on Usable Security, EuroUSEC 2023


  • Flubot
  • smartphone malware
  • user notification study


Dive into the research topics of 'Lessons in Prevention and Cure: A User Study of Recovery from Flubot Smartphone Malware'. Together they form a unique fingerprint.

Cite this