The agency says an estimated 400,000 scam texts are still being sent across all mobile networks.
The DIA, along with government's Computer Emergency Response Team (Cert NZ) and Netsafe, is working with internet service providers to block website links associated with Flubot. (Scam texts always ask you to click through to a website, which then asks to download an app such as a parcel tracker - in fact, it's the Flubot malware, which can steal personal details such as your online banking details, and copy your address book then send a fresh wave of scam texts to all your contacts.)
Internal Affairs says there are still around 200 phones infected with Flubot on NZ networks. Between them, their owners are sending thousands of scam texts per day.
"Government departments, industry providers and the Telecommunications Forum working together to reduce the harm of this text scam," said Telecommunications Forum CEO Paul Brislen, whose group includes Spark, Vodafone and 2degrees.
Yet the collective has been unable to stop Flubot. Brislen said New Zealanders had a part to play.
People whose phones have been infected to reset their smartphone (if your contacts have been receiving "parcel delivery" or other bogus texts from your cell number, that means you're infected). Although inconvenient - because it can mean losing all your apps and personal settings - it's the only sure way to rid your phone of Flubot.
The option to reset an Android phone (which essentially covers almost every brand outside of Apple) can be found under Settings. Cert NZ director says anyone who is having trouble resetting their phone can contact his agency via its website, cert.govt.nz, or helpline - 0800 2378 69.
The Flubot malware only infects phones that run on Google's Android software, not Apple iPhones.
People also need to be wary of scam texts. Genuine text messages sent by a service provider or government agency are usually sent via a commercial messaging service that uses a four-digit number (such as the 7726 used by the DIA), so be wary of a "courier" or other company text that arrives from a conventional cellphone number.
Genuine messages also usually ask you to reply by text rather than clicking on a link to a website.
If you're in any doubt, phone the company concerned after looking up its phone number on its website.
Although Flubot began as a parcel delivery scam, it has since emerged in several variants, including one that asks you to download a "voice mail app" from Spark to hear a message (like our other mobile players, Spark does not require you to download any special app to hear messages). It has even masqueraded as a "security update" to remove Flubot.
Cert NZ was contacted by one individual who fell victim to the scam in early October.
"I was waiting on a parcel delivery for my daughter's birthday when I got the message and clicked on the link. Next thing I knew I was getting dozens of phone calls and texts from individuals who thought I was a scammer," the victim said.
Their number was unknowingly used to forward the scam message to 548 individuals over the next three days.
"I only found out about the Flubot scam when someone from the Department of Internal Affairs contacted me and told me I was impacted. I then got in touch with Cert NZ, who helped me complete a factory reset of my phone and thankfully the messages stopped."
What to do if you think you've received a scam text
• Report it by forwarding it to the Department of Internal Affairs' text number, 7726.
• If you think your phone has become infected, because your contacts are getting scam texts from your number, reset your phone.
• If you need help resetting your phone, contact Cert NZ via ts website, cert.govt.nz, or helpline - 0800 2378 69.
• Remember that Flubot malware can only infect Android phones. It can't infect iPhones.
Below, examples of scam downloads associated with Flubot, including a fake security update:
