Malware Attacks on Android Devices Draining Finnish Bank Accounts

There has been a surge in cyberattacks specifically targeting Android users. According to Finland’s Transport and Communications Agency (Traficom), these sophisticated phishing schemes involve SMS messages that trick users into downloading harmful malware, leading to significant financial losses.

The Helsinki police have also flagged an uptick in these malicious activities, with one victim reporting a loss of €95,000 (or $102,000). Learn more about these attacks and how to stay safe below!

How Does the Attack Work?

The attack involves sending deceptive SMS messages from seemingly local numbers. The messages lure individuals to call a service number under the guise of urgent financial alerts, such as debt collection or unusual account activities.

Phishing message used to spread the malware (Source: Cybersecurity Centre)

Once the service number is dialed, users are misled into believing they are taking preventive measures against suspected fraud. However, during the call, they receive another SMS with a link that supposedly offers antivirus protection but instead installs malware disguised as legitimate security software from McAfee.

What Malware is Used?

Authorities in Finland have yet to identify the specific malware involved or release any hashes or IDs for the APK files, but the attacks bear a resemblance to those recently reported by Fox-IT analysts, linked to a newer version of the Vultur trojan.

This updated version of Vultur has begun spreading through a combination of smishing and phone call attacks, persuading victims to install a counterfeit McAfee Security app. This app then delivers the malware’s final payload in three distinct segments to avoid detection.


Overview of the attack (Source: Traficom)

The latest enhancements of this malware version include comprehensive file management capabilities, exploitation of Accessibility Services, prevention of certain apps from launching, deactivation of Keyguard, and the ability to push tailored notifications to the status bar.

How to Stay Safe 

In response to the escalating threat, Traficom advises the public to remain vigilant. Here are several critical steps users should take if they suspect their device has been compromised:

  • Reset your device to factory settings to eliminate any installed malware.
  • Contact your bank without delay to discuss potential protective measures and minimize financial damage.
  • Change passwords for all affected accounts to secure your data.
  • File a report with the local police to aid in further investigation and help prevent future incidents.
  • Avoid downloading apps from unofficial sources, and be skeptical of any unsolicited communications asking for personal information or directing you to install software.
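
The two signals this article highlights, an app installed from outside an official store and abuse of Accessibility Services, can be checked together on a device connected over adb. The following is an added example, not code from Traficom, Fox-IT or the original article. It assumes the usual output formats of `adb shell pm list packages -i -3` and `adb shell settings get secure enabled_accessibility_services`; the package names, sample outputs and trusted-installer list are constructed for illustration.

```python
import re

# Installers treated as official stores (assumption; extend for your fleet).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample of `adb shell pm list packages -i -3` output.
SAMPLE_PACKAGES = """\
package:com.example.bank  installer=com.android.vending
package:com.example.fakeav  installer=null
package:com.example.notes  installer=com.google.android.packageinstaller
"""

# Constructed sample of
# `adb shell settings get secure enabled_accessibility_services` output.
SAMPLE_A11Y = "com.example.fakeav/.core.A11yService:com.example.bank/com.example.bank.Reader"

PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_installers(text):
    """Map package name -> installer (None when the device reports 'null')."""
    result = {}
    for line in text.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            pkg, inst = m.groups()
            result[pkg] = None if inst == "null" else inst
    return result

def parse_accessibility(text):
    """Return the packages that own an enabled accessibility service."""
    text = text.strip()
    if not text or text == "null":
        return set()
    return {c.split("/", 1)[0] for c in text.split(":") if c}

def triage(packages_text, a11y_text):
    """List sideloaded apps; 'high' if they also hold an accessibility service."""
    installers = parse_installers(packages_text)
    a11y = parse_accessibility(a11y_text)
    findings = []
    for pkg, inst in sorted(installers.items()):
        if inst in TRUSTED_INSTALLERS:
            continue  # installed through an official store
        severity = "high" if pkg in a11y else "review"
        findings.append((pkg, inst, severity))
    return findings

if __name__ == "__main__":
    for pkg, inst, sev in triage(SAMPLE_PACKAGES, SAMPLE_A11Y):
        print(f"{sev:6} {pkg} (installer={inst})")
```

A "high" finding is a prompt for the steps listed above, not proof of infection: legitimate sideloaded accessibility tools exist, and an app from an official store can still be malicious.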

Author: Anas Hasan

Date: May 7, 2024