Flubot malware reported to heavily target android users

Finland’s National Cyber Security Centre (NCSC-FI) has sent out a “severe alert” to the public about the rise of a campaign targeting Finish Android users. The Flubot banking malware is pushed on through text messages sent from compromised devices, with hundreds of thousands of texts being reportedly sent.

One of the major concerns around the Flubot malware is its ability to rapidly spread through infected devices and the difficultly of regulators and cyber experts to identify these messages due to the many different message variants being sent.

Infected devices will send scam messages, purportedly from their mobile operator or voicemail service, asking recipients to click on a malware link. Once clicked, the malware will download and steal banking data and send scam messages to others.

This is not the first time Finland has dealt with Flubot scams with another major scam message campaign reported in June this year. Despite dealing quickly with the first Flubot scam, this new campaign is proving difficult to address.

“We managed to almost completely eliminate FluBot from Finland at the end of summer thanks to cooperation among the authorities and telecommunications operators. The currently active malware campaign is a new one because the previously implemented control measures are not effective,” said NCSC-FI information security adviser Aino-Maria Väyrynen.

The NCSC-FI says Android users who believe their device has been infected should perform a factory reset of their device to remove the malware and change any passwords that have been entered. The network operator, too, should be informed that the device has been compromised, as hackers may have used the device to send scam messages to other people. Any financial losses should also be reported to the police.