FluBot – an infamous banking malware that affected thousands of users across Australia and the U.K. – is now active in Finland.
In an official alert, Finland’s National Cyber Security Centre (NCSC-FI) warned about a massive FluBot malware campaign targeting Android users in the country since June 2021. The Finnish Transport and Communications Agency has reportedly received multiple reports about dozens of messages sent to spread the FluBot malware.
Be aware of malware spread by SMS ⚠️
The #FluBot campaign has become active again, and the malware is being spread by SMS. Scam messages written in Finnish are being sent to tens of thousands of people in Finland.https://t.co/TRXQa5Jv9D
— NCSC-FI (@CERTFI) November 26, 2021
What is FluBot?
FluBot is a sophisticated malware targeting Android users via malicious messages or pop-ups. The messages that carry FluBot usually alert the victims that they have a new voicemail or missed call from an unknown number. The message contains a link, which, once clicked, redirects the user to a malicious website impersonating a legitimate website. The malware is then deployed on the targeted device.
How FluBot Infects
The officials stated the FluBot campaign sent fraudulent text messages to Android device users. FluBot malware can steal sensitive information from the compromised device and infect other banking apps installed on the device.
“Clicking on the link does not yet install the malware. Users will be requested to allow the installation. The malware may steal data from the device and send malware-spreading scam messages. The messages are often written without Scandinavian letters (å, ä and ö) and may contain the characters +, /, &, % and @ in random and illogical places in the text,” the alert said.
The NCSC-FI urged organizations to be vigilant and inform about the FluBot campaign to their personnel. Users are recommended not to click on any links from unknown sources and not download files or attachments shared via links or messages.
“Preparedness is important, and organizations should inform their personnel about FluBot to ensure that their employees do not install the malware on their phones. It is important for organizations to know what information and data phones contain and assess the risks of a potential data leak because FluBot steals information from phones,” the alert added.
NCSC-FI offered certain mitigation measures for the affected users:
- Perform a factory reset on the device. If you restore your settings from a backup, make sure you restore from a backup created before the malware was installed.
- Contact your bank if you used a banking application or handled credit card information on the infected device.
- Report any financial losses to the police.
- Reset your passwords on any services you have used with the device. The malware might have stolen your password if you logged in after installing the malware.
- Contact your operator because your subscription may have been used to send text messages subject to a charge. The currently active malware for Android devices spread by sending text messages from infected devices.
Commenting on the latest malware campaign, Aino-Maria Väyrynen, Information Security Adviser at the NCSC-FI, said, “According to our current estimate, tens of thousands of messages have been sent to people in Finland during one day. We expect the amount to increase in the coming days and weeks. We managed to almost completely eliminate FluBot from Finland at the end of summer thanks to cooperation among the authorities and telecommunications operators. The currently active malware campaign is a new one because the previously implemented control measures are not effective.”