Front Page: NCSC-FI
Front Page: NCSC-FI
Go to Search

Alert on Android malware removed

Information security now!

We have removed the alert on Android malware issued on 4 June. The malware campaign that was highly active in early June has now calmed down, and the number of incident reports about text messages spreading the malware has decreased significantly.

""

Major decline in malware incident reports

The FluBot Android malware was being actively spread in early June via a text message campaign. After issuing the alert, we received up to 900 incident reports a day. By now, the number of reported attempts to spread the malware has decreased significantly. Attacks with FakeCop/FakeSpy malware have also been detected, but the number of reports has been considerably smaller than with FluBot.

The incident reports helped us at the National Cyber Security Centre to investigate the websites used to spread the malware, and we used the reported information in our communications and in requests for shutting down websites.

Esimerkkejä haittaohjelmaa levittävän viestin verkkosivusta ja tekstiviestistä. Toisella sivulla käytetään DHL nimeä ja logoa, toisella väitetään valheellisesti että sinulle on saapunut vastaajaviesti.
The FluBot malware was sent around, for example, by messages sent in DHL’s name or containing notifications about voicemail.

Be vigilant against text message scams

Text messages spreading Android malware have not disappeared completely. The themes employed have evolved from DHL parcel deliveries and OmaPosti messages to notifications about voicemail. Messages have been sent in both Finnish and English.

There are still also other active campaigns attempting text message scams and phishing for online banking credentials, so it is important to stay vigilant. Text messages requesting you to pay an outstanding delivery charge, sending you a message and link about your credit card being blocked or informing you about a prize you have one are most likely scam attempts.

The alert may be re-activated if the malware campaign becomes active again or takes a new form.

Caption: The FluBot malware was sent around, for example, by messages sent in DHL’s name or containing notifications about voicemail.