Android malware spread by SMS
A FluBot campaign that sends scam messages about package deliveries has become active in Finland. Based on reports received by the National Cyber Security Center (NCSC-FI), scam messages written in Finnish are being sent to thousands of people in Finland. The message says there is package in delivery and contains a link for tracking the delivery. The link will direct the recipient to a website that will try to get the victim to install the malicious FluBot software. NCSC-FI has earlier this year told about the FakeCop/FakeSpy malware that is similar to FluBot.
Target group of the alert
The malware targets everyone using an Android device and a mobile subscription. Text messages may also be sent to other mobile phones, but the .apk installation files do not work on iPhones, for example.
Possible solutions and restrictive measures
The scam messages is written in Finnish and informs the recipient about a package delivery. The message contains a link to a website.
The website includes a link for downloading .apk application files that contain malicious software for Android devices (e.g. FluBot). The installation files do not work on iPhones. The malware may also steal data from the device and send malware-spreading scam messages. Text messages may also be sent abroad. Clicking on the link does not yet install the malware. Users will be requested to allow the installation. If you have installed the malware, you need to take immediate action.
Information security now article:
- Perform a factory reset on the device. If you restore your settings from a backup, make sure you restore from a backup created before the malware was installed.
- If you used a banking application or handled credit card information on the infected device, contact your bank. Report any financial losses to the police.
- Reset your passwords on any services you have used with the device. The malware may have stolen your password if you have logged in after you installed the malware.
- Contact your operator, because your subscription may have been used to send text messages subject to a charge. The currently active malware for Android devices spread by sending text messages from infected devices.