The Flubot campaign has hit Finland again for the second time this year. The previous set of attacks was spotted between early June and mid-August. This time, Finland’s National Cyber Security Center (NCSC-FI) has issued a severe alert regarding the new wave of attacks.
What’s going on?
This massive campaign is targeting Android users in the country with Flubot pushed via SMS sent from compromised devices. The spam campaign, furthermore, uses a voicemail theme, urging the targets to open a link that would enable them to access a voicemail message or a message from the mobile operator. NCSC-FI detected over 70,000 such messages in a span of 24 hours and dozens of infections have been confirmed. In addition to this, Flubot is popping up on various websites - Netcraft detected around 10,000 websites distributing the malware.
Why this matters
Once successfully installed, the banking malware can access the contacts list, read text messages, spam text others, and steal passwords and credit cards. Moreover, if this campaign turns out to be as aggressive as the summer campaign, researchers anticipate that the number of messages will increase to hundreds of thousands in the days ahead.
Talking about Android
- ThreatFabric identified 12 malicious apps in the Google Play Store, which have been downloaded over 300,000 times and are stealing people’s bank account details.
- The new Chinotto malware, disseminated by APT37 via spear-phishing emails, can infect both Windows and Android devices. The malware can capture screenshots, collect data, and deploy further payloads.
- Last month, an Android spyware was linked to APT C-23, which was used to target individuals in the Middle East. The spyware hides behind renowned app icons for Chrome, YouTube, Google, or Google Play.
The bottom line
Android devices have always been a favorite target among cybercriminals. The NCSC-FI has advised users to not click on embedded links or download files shared via the link to their devices. While at the time of its inception, Flubot used to target users in Spain, it has now gone global and has become pretty successful. Hence, Android users beware!
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/0a21_shutterstock_153175439.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/6434_shutterstock_1353902207.jpg)
