1 December 2021

Android users in Finland targeted in mobile malware campaign spreading FluBot


Android users in Finland targeted in mobile malware campaign spreading FluBot

The National Cyber Security Centre (NCSC-FI) at the Finnish Transport and Communications Agency is warning of a massive campaign targeting Android users in Finland with FluBot banking malware delivered via text messages sent from compromised devices.

First spotted in late December 2020 by ESET researchers, FluBot is a sophisticated type of malware targeting Android users through fraudulent messages or notifications. The malware is capable of stealing passwords and login information to users’ online accounts, personal details, and banking information. It also sends SMS messages to new victims and spreads itself further.

This is the second FluBot campaign that hit Finland this year. The first one was detected in June and involved attackers sending scam messages using a voicemail theme and attempting to trick victims into visiting malicious websites serving the FluBot malware.

In the new campaign the attackers distribute text messages alerting the victims that they received a voicemail or a message from their mobile operator. In order to gain access to the purported content the user is asked to open a link in a message, which in reality leads them to a malicious website hosting FluBot.

“An Android malware called FluBot is being spread by SMS. According to our current estimate, tens of thousands of messages have been sent to people in Finland during one day. We expect the amount to increase in the coming days and weeks,” said Aino-Maria Väyrynen, information security adviser at the NCSC-FI.

“We managed to almost completely eliminate FluBot from Finland at the end of summer thanks to cooperation among the authorities and telecommunications operators. The currently active malware campaign is a new one, because the previously implemented control measures are not effective,” Väyrynen noted.


Back to the list

Latest Posts

Security researcher published PoC exploit for Zoho ManageEngine ADAudit Plus bug

Security researcher published PoC exploit for Zoho ManageEngine ADAudit Plus bug

Using this vulnerability, a cybercriminal can get the remote access to sensitive information.
4 July 2022
Microsoft found Raspberry Robin worm in networks of hundreds of organizations

Microsoft found Raspberry Robin worm in networks of hundreds of organizations

While Raspberry Robin was first discovered in September 2021, it was active long before that.
4 July 2022
Half of 2022's 0-days are variants of 2021’s 0-days

Half of 2022's 0-days are variants of 2021’s 0-days

In the first half of 2022, Google’s Project Zero team identified eighteen 0-day vulnerabilities, and at least nine of them are variants of previously fixed flaws.
4 July 2022