The cybersecurity authority in Finland, which belongs to the Transport and Communications Agency, has alerted citizens about the accelerated advance of the Flubot banking Trojan for Android devices deployed through millions of SMS messages. Operators of this campaign are distributing dozens of different variants, wreaking havoc on thousands of devices.
Once installed on an infected smartphone, Flubot begins to request permissions on the system, intercepts sensitive information and deletes passwords stored on the device. The malware operators can also send additional SMS messages to numbers in the victim’s contact list, an unusual method of increasing the range of infection.
Representatives of the Finnish government point out that this campaign has become much more aggressive over the course of the days, and the malicious SMS messages already number in the millions. Several telecommunications companies operating in Finland claim to be intercepting hundreds of thousands of messages daily, so the attack has become worrisome.
Authorities also noted that the malware is aimed at users of Android devices, while users of iPhone and other mobile phone options could face other security risks.
Regarding the SMS messages used by the hackers, the researchers mention that they attract the victims’ attention by claiming that the user has pending voicemail or messages from their mobile phone provider. Whatever message the user receives, it contains a link that redirects to a malicious website.
The malware is not installed immediately after the user clicks on this link; instead, users are prompted to grant voicemail permissions, which triggers the installation of the payload. Upon installation, the malware begins to steal sensitive information from the device in the background.
Although this is a very well crafted campaign, threat actors give themselves away by not using some Finnish characters such as å, ä and ö, replacing them with characters like +, /, &, % and @, in what is the main indication of malicious activity when receiving these SMS messages.
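The indicator described above can be turned into a simple triage check for reported messages. The following Python sketch is an added example, not code from the Finnish authority or the researchers; the URL pattern, the two-word threshold and the sample messages are assumptions constructed for illustration.

```python
import re

# Symbols the article reports in place of the Finnish letters å, ä and ö.
# A substitute symbol attached to a letter on at least one side of a token:
GARBLED_RE = re.compile(r"[^\W\d_][+/&%@]|[+/&%@][^\W\d_]")
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)  # assumed link shape
EMAIL_RE = re.compile(r"^[\w.+-]+@[\w-]+(?:\.[\w-]+)+$")
# Assumed threshold: a single hit may be ordinary text such as "ja/tai" or "R&D".
MIN_GARBLED_TOKENS = 2


def garbled_tokens(text):
    """Return the words in which a substitute symbol is attached to a letter."""
    hits = []
    for token in URL_RE.sub(" ", text).split():  # links are judged separately
        token = token.strip(".,!?:;()\"'")
        if EMAIL_RE.match(token):
            continue  # a real e-mail address legitimately contains '@'
        if GARBLED_RE.search(token):
            hits.append(token)
    return hits


def triage_sms(text):
    """Flag a message that carries a link and several garbled words."""
    hits = garbled_tokens(text)
    has_link = bool(URL_RE.search(text))
    return {
        "has_link": has_link,
        "garbled": hits,
        "suspicious": has_link and len(hits) >= MIN_GARBLED_TOKENS,
    }


# Constructed sample messages (not taken from the campaign).
SAMPLES = [
    "Sinulle on uusi &&niviesti. Kuuntele t&st&: http://example.invalid/v",
    "Sinulle on uusi ääniviesti. Kuuntele tästä: https://example.invalid/v",
    "Alennus 50% ja/tai ilmainen toimitus: https://example.invalid/kauppa",
    "Soita Matille, asiakas@example.invalid odottaa vastausta.",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage_sms(sms)["suspicious"], "|", sms)
```

Only the first sample is flagged. This is a heuristic for prioritising reports: a message written with correct Finnish characters passes it regardless of where its link leads.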
Flubot had already been detected a few years ago in the same country, so experts believe that this is a sample of the sophistication and development capabilities of the hackers in charge of these campaigns. For vulnerable users, the best security measure is to ignore suspicious text messages, as interaction with these SMS messages is required to complete the infection.