Another wave of FluBot: malware being spread by SMS
Alert1/2022
The FluBot malware targeting Android devices is once again being actively spread in Finland. The malware aims to steal data from devices, and it is spread via SMS and MMS. Receiving or opening the message is not dangerous, but a malware infected device should be reset to factory settings.
Another mobile malware campaign has become active in Finland. The malware is being spread by SMS, and it is targeting Android devices.
The FluBot malware may steal data from mobile devices. The malware spreads further by sending SMS and MMS messages from the infected devices. The messages that are circulating currently are written without Scandinavian letters (å, ä and ö) and in many messages words have been split by superfluous spaces. For iPhone users, the scam messages mean a risk of subscription traps and other types of fraud.
“The most recent FluBot malware campaign is very similar to the previous ones. Fraudsters have sent thousands of scam messages. The malware has been updated, and in the present campaign scam messages are also being sent via MMS,” says Matias Mesiä, information security adviser at the NCSC-FI.
The messages sent to spread the malware have concerned voicemail, unanswered calls and parcel deliveries, for example. What all messages have in common is that they ask the recipient to open the link in the message.
Clicking on the link does not yet install the malware. Instead, the link takes the user to a website instructing the user to install the malware. The malware requests consent for installation. The messages try to get the user to disable security features to allow the installation of the malware.
Target group of the alert
FluBot targets users with an Android device and a mobile subscription.
Messages spreading the malware are also sent to other devices. iPhone users, for example, are directed to subscription traps and other fraudulent material.
Possible solutions and restrictive measures
Do not open the links included in the scam messages. Clicking on a link does not yet install the malware on your device.
Never install applications from other sources than app stores. If you have installed the malware, you need to take immediate action. The quickest way to remedy the situation is to perform a factory reset on the infected device.
More detailed instructions are provided at the end of this alert.
More Information
The FluBot campaign with fraudulent messages was last active in Finland in December 2021 . We also issued an alert on malware being spread by SMS in June 2021 .
The latest malware campaign uses methods similar to those in previous campaigns. The current campaign also uses MMS to spread the malware.
IF YOUR DEVICE HAS BEEN INFECTED WITH FLUBOT
- Perform a factory reset on the device. If you restore your settings from a backup copy, make sure you restore from a backup created before the malware was installed.
- If you have used a banking application or handled credit card information on the infected device, contact your bank.
- Report any financial losses to the police.
- Reset your passwords on any services you have used with the infected device. The malware may have stolen your password if you have logged in after you installed the malware.
- Contact your operator, because your subscription may have been used to send text messages subject to a charge. The currently active malware for Android devices spread by sending SMS and MMS from infected devices.