Finland Warns of Dangerous Android Malware Attacks Breaching Bank Accounts

Written by Mitchell Langley

May 6, 2024

Major Android Malware Attack Campaign Targets Finnish Banking Customers

Finland’s government organization responsible for communications, the Transport and Communications Agency (Traficom), has issued an urgent warning about an ongoing Android malware campaign attempting to breach the online bank accounts of Finnish citizens.

Traficom highlighted multiple reports of SMS phishing messages written in the Finnish language that instruct recipients to call a phone number.

When victims call the number, the fraudster on the other end claims to be from a reputable security company like McAfee and directs the user to install a fake “McAfee” application for protection.

However, the app that victims are tricked into downloading and installing is actually Android malware, not legitimate antivirus software.

The fraudulent messages purport to be from major Finnish banks or popular payment services such as MobilePay to appear credible, but cyber attackers are using number spoofing techniques to disguise the origin of the texts.

Samples of the deceptive smishing messages have been shared by one of Finland’s largest financial institutions, the OP Financial Group.

The messages misrepresent themselves as being from telecommunications operators or local network providers but are in fact malicious attempts to install banking Trojans on victims’ phones.

Android Malware Attacks Enable Remote Access and Theft of Bank Accounts

Once installed, the Android malware provides cyber criminals with complete remote access and control over the victim’s compromised device.

With this level of access, attackers are then able to log into infected users’ online banking accounts and transfer funds without authorization.

Authorities in Finland report that in at least one case, a victim had over 95,000 euros (around $102,000 USD) stolen after falling for Android malware and installing the fraudulent app.

Both Traficom and the national police force are urging all individuals who may have downloaded the malicious software to immediately contact their banks to enable extra layers of account protection.

Attack Bears Hallmarks of Notorious “Vultur” Banking Trojan

While the Finnish authorities have not yet provided technical details like the malware’s exact name or file hashes, cybersecurity researchers have noted that the Android malware attack mirrors the behavior and payload delivery method of the infamous “Vultur” Android banking Trojan.

A new variant of Vultur emerged recently using sophisticated smishing and vishing (phone call) lures to trick targets into installing a fake security program disguised as reputable antivirus.

In reality, the app introduces highly sophisticated Android malware in separate stages to evade detection.

Once fully installed, the Vultur Trojan is able to perform extensive filesystem operations, disable Android security features, overlay phishing notifications, and block certain apps, all while remaining hidden from the compromised device’s owner.

Resetting an infected device to factory settings is recommended to thoroughly remove the malware and associated risks.

Android’s built-in Play Protect feature also automatically protects against known Vultur files, so keeping it enabled is a smart precaution.

Recommendations to Avoid Android Malware Attacks

  • Be extremely cautious of any unsolicited messages, even those appearing to be from reputable sources. Avoid clicking links or calling numbers from suspicious texts.
  • Only download apps from Google Play and verify the developer’s name matches what’s expected before installing.
  • Keep Android and apps like Google Play Services up-to-date with automatic updates enabled.
  • Consider using a mobile antivirus app from a reputable company alongside Play Protect for extra scanning.
  • Enable strong account security features like two-factor authentication for online banking whenever possible.
  • If your device acts strangely or you suspect malware, contact your bank immediately and factory reset the phone.

The ongoing Android malware attacks targeting Finnish banking customers demonstrate the lengths cyber criminals will go to steal funds. Staying informed on the latest threats and practicing good security hygiene is key to avoiding becoming a victim.
