“Your package has been sent.

Please review and accept. ”This slightly bumpy text message with a link has been circulating since January.

Behind this is malware, reports the telecommunications portal "Teltarif.de".

If you get such a short message, it is best to delete it right away.

Android users who have already received it and clicked on the link should pay attention.

Especially if you discover masses of SMS sent in your message history or - combined with high accrued costs - on your mobile phone bill.

Trojan sends expensive SMS


Because then the probability is high that by tapping the SMS link you have triggered the installation of a Trojan, which will now happily send expensive SMS - for example to special and premium numbers or to countries outside of Europe.

Now it is time to act: Those affected should switch their smartphone to flight mode immediately, inform their mobile network provider and let them set up a so-called third-party block.

This is the advice of the State Criminal Police Office (LKA) Lower Saxony.

If it is not yet clear whether costs have been incurred, the next step is to check.

If, for example, no overview of the current month or the past months is possible in the online customer area, you can ask the provider for a cost statement.

File a complaint and secure evidence


Next, the LKA advises filing a complaint with the local police station.

On the one hand, you take your smartphone with you.

On the other hand, there are also screenshots or photos of the display and - if available - cost statements.

Only then should the Trojan be removed from the device.

To do this, start the smartphone in safe mode.

How this works differs from device to device.

The correct key combination can usually be found on the manufacturer's support website.

In safe mode, you are looking for those apps that were last and not consciously installed yourself.

Remove these apps and restart the smartphone.

In the worst case, only resetting to the delivery state helps.


Before doing this, do not forget to back up the data on the device in an online storage (cloud) or on a memory card.

Then go to the “Reset” item in the settings and then select the item called “Delivery status (delete all data)” or something similar.

Consider the boomerang effect

If you then want to restore your data from a cloud backup to your device, you should make sure that there are no apps among them.

Otherwise you would have the Trojan on your smartphone again, warn the experts.

Instead, you download missing apps individually from Google's Play Store.

To prevent such attacks, you should deactivate all slide switches in the settings under "Security / Installations from unknown sources".

Android banners that warn of apps from unknown sources are better taken seriously.

And what about the cell phone bill?

Important: contact the provider at an early stage and file evidence and report to the police.

Then consumers do not have to pay the part of the mobile phone bill caused by the Trojan.

The Telecommunications Act (TKG) protects them from this.

Because in the TKG (Paragraph 45i Paragraph 4) it says: “If the subscriber proves that the use of the provider's services cannot be attributed to him, the provider has no claim to remuneration from the subscriber.

The claim also does not apply if facts justify the assumption that third parties have influenced the connection fee charged by unauthorized changes to public telecommunications networks. "