The National Cyber Security Centre (NCSC-FI) at the Finnish Transport and Communications Agency is warning of a massive campaign targeting Android users in Finland with FluBot banking malware delivered via text messages sent from compromised devices.

First spotted in late December 2020 by ESET researchers, FluBot is a sophisticated type of malware targeting Android users through fraudulent messages or notifications. The malware is capable of stealing passwords and login information to users’ online accounts, personal details, and banking information. It also sends SMS messages to new victims and spreads itself further.

This is the second FluBot campaign that hit Finland this year. The first one was detected in June and involved attackers sending scam messages using a voicemail theme and attempting to trick victims into visiting malicious websites serving the FluBot malware.

In the new campaign the attackers distribute text messages alerting the victims that they received a voicemail or a message from their mobile operator. In order to gain access to the purported content the user is asked to open a link in a message, which in reality leads them to a malicious website hosting FluBot.

“An Android malware called FluBot is being spread by SMS. According to our current estimate, tens of thousands of messages have been sent to people in Finland during one day. We expect the amount to increase in the coming days and weeks,” said Aino-Maria Väyrynen, information security adviser at the NCSC-FI.

“We managed to almost completely eliminate FluBot from Finland at the end of summer thanks to cooperation among the authorities and telecommunications operators. The currently active malware campaign is a new one, because the previously implemented control measures are not effective,” Väyrynen noted.