1 December 2021

Android users in Finland targeted in mobile malware campaign spreading FluBot


The National Cyber Security Centre (NCSC-FI) at the Finnish Transport and Communications Agency is warning of a massive campaign targeting Android users in Finland with FluBot banking malware delivered via text messages sent from compromised devices.

First spotted in late December 2020 by ESET researchers, FluBot is a sophisticated type of malware targeting Android users through fraudulent messages or notifications. The malware is capable of stealing passwords and login information to users’ online accounts, personal details, and banking information. It also sends SMS messages to new victims and spreads itself further.

This is the second FluBot campaign to hit Finland this year. The first one was detected in June and involved attackers sending voicemail-themed scam messages that attempted to trick victims into visiting malicious websites serving the FluBot malware.

In the new campaign, the attackers distribute text messages alerting victims that they have received a voicemail or a message from their mobile operator. To access the purported content, the user is asked to open a link in the message, which in reality leads to a malicious website hosting FluBot.

“An Android malware called FluBot is being spread by SMS. According to our current estimate, tens of thousands of messages have been sent to people in Finland during one day. We expect the amount to increase in the coming days and weeks,” said Aino-Maria Väyrynen, information security adviser at the NCSC-FI.

“We managed to almost completely eliminate FluBot from Finland at the end of summer thanks to cooperation among the authorities and telecommunications operators. The currently active malware campaign is a new one, because the previously implemented control measures are not effective,” Väyrynen noted.

