Do you live in Finland? Then heed the National Cyber Security Centre’s warning of a campaign targeting the country’s Android users with Flubot banking malware.
This is not new to Finland, as the country suffered a similar Flubot attack earlier this year, where SMS messages spammed thousands of Fins.
Now, Flubot has returned, and again, it spreads via text messages sent from compromised devices. The campaign is huge, spreading tens of thousands of messages to people in Finland within a day.
You might be asking: What is Flubot and how does it operate? We’ve answered that in the following article.
Flubot – Your Device is Coming Down with Something
Technically, the name says it all. Just like the actual “Flu,” the malware is kind of contagious as it spreads from the compromised devices.
Using the “you’ve got voicemail” message technique has been pretty common lately. In fact, a while ago, attackers used the same technique as they impersonated the US provider Verizon.
Now, since the scam is fixed within Finland, the theme of the text message involves a voicemail message from their mobile operator, prompting the victims to click on a link, which allows them to listen to a voicemail message.
According to the National Cyber Security Centre:
“An Android malware called FluBot is being spread by SMS. According to our current estimate, tens of thousands of messages have been sent to people in Finland during one day. We expect the amount to increase in the coming days and weeks.”
As mentioned, Android users in Finland might receive a voicemail message from their operator. When they click on the provided link, it’ll redirect them to malicious sites pushing APK installers that deploy the Flubot banking malware instead of opening a voicemail.
As for iOS users, the link reroutes them to other fraudulent material on the website. The report states that the attack includes more than 70,000 messages in 24 hours, so it’s different than the one that hit last summer. Here’s what Finnish National Cyber Security Centre had to say:
“We managed to almost completely eliminate FluBot from Finland at the end of summer thanks to cooperation among the authorities and telecommunications operators. The currently active malware campaign is a new one because the previously implemented control measures are not effective,”
In their report, they suggested that “the situation calls for general caution or may require users or administrators to take action.” And so do we.
The Contagious Flu-based Malware
Knowledge and preparedness are important. Regardless of the location you live in, you should not install any application or APK you come across.
At all costs, avoid clicking on links that don’t seem to be in place. The messages the attackers sent do have their flaws. They don’t have Scandinavian letters (å, ä and ö) and a lot of characters such as +, /, &, %, and @ in illogical places in the text.
In other words, you can tell that no legit source has sent them. With that said, be careful, cybercrime has gone up a lot in the past year.