O2 SMS states that an SMS phishing attack is currently underway on many cellular networks. O2 has taken precautionary measures, “but unfortunately your mobile phone has been affected,” as stated in the SMS. The website behind O2 was referenced by Telefónica Deutschland, the company behind O2. Under telefonica.de/aktuelle-information More information can be found.
SMS with malware via the link
If you click on the link, O2 urgently prompts you again: “We have reason to assume that you have been affected by this attack and that malware has been installed on one of your terminal devices.” O2 cites an SMS with this reason for the attack or similar content: “Your package has been sent. Please verify and accept it.” A link to domain duckdns.org follows.
O2 warns: Once you click the link, malware will be installed. Then she uses her cell phone “to send text messages outside Europe, for example”. O2 asks you to remove the software immediately to avoid the prohibitive costs of these text messages.
At worst, reset the cell phone to factory settings
At the same time, O2 cannot currently rule out the possibility that there are versions in circulation that cannot be removed once uninstalled. In this case, O2 will ask you to reset your phone to factory settings. On the website, O2 explains how you should proceed and reminds you to back up your personal data beforehand. Important: In order not to reinstall malware, you should only restore data during restore, not apps from backup. You have to download the apps again from the Google Play Store.
O2 advises against opening any websites that you are not familiar with. You should also not download software from websites directly to your mobile phone. Additionally, you should generally not download any software via sideload, i.e. from sources outside of the Google Play Store.