Finland’s National Cyber Security Center (NCSC-FI) recently put out an alert that scam messages are being sent out with the hope that unsuspecting users will click on a link contained within them. Clicking on this link takes them to a website that requests permission to install a malicious application that is used to deliver the FluBot malware to their Android smartphones.
A similar campaign occurred over the summer and at that time, the NCSC-FI also sent out an alert warning users of the dangers posed by FluBot.
In its most recent alert, the NCSC-FI explained how Finnish users can easily spot these scam messages to avoid falling victim to this latest FluBot campaign, saying:
“The FluBot campaign employs numerous different text messages with different wordings and links. The messages are written in Finnish. They are written without Scandinavian letters (å, ä and ö) and include, for example, the characters +, /, &, % and @ in illogical places in the text to make it more difficult for telecommunications operators to filter the messages.”
Switching back to SMS
According to the NCSC-FI, around 70k of these scam messages were detected over a 24-hour period. The lure used to entice people to click on the link in the messages was a voicemail message or a message from the user’s mobile operator.
If a user fell for the scam, clicked on the link and had their device infected with FluBot, the agency recommends that they perform a factory reset of their device to remove the malware. iPhone users who receive these scam messages should also avoid clicking on any links they contain, as for them the links redirect to fraud and phishing sites rather than prompting the user to install an app.
Once installed on an Android device, FluBot is able to access the user’s contacts, send out spam texts to other users, read messages, steal credit card details and passwords typed into apps, install additional applications and perform other malicious activities.
While FluBot has primarily been spread using SMS, a recent campaign from the creators of the malware used fake Android security updates to trick potential victims into installing it themselves. This allowed the malware to avoid detection, but in this latest campaign the use of characters such as “+, /, &, % and @” in the message text is making it more difficult for mobile carriers to filter these messages so that they aren’t delivered to their customers’ smartphones.
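The traits in the NCSC-FI quote and the filtering problem described above can be turned into a simple screening heuristic. The sketch below is an added example, not code from the NCSC-FI or any operator: it strips the inserted characters before keyword matching and counts how often they sit inside words. The lure keywords, the threshold and the sample messages are assumptions constructed for illustration.

```python
import re

NOISE = "+/&%@"  # characters the alert says are scattered through the text
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# One or more noise characters sitting directly between two letters ("vie&sti")
INWORD_NOISE_RE = re.compile(r"(?<=[^\W\d_])[+/&%@]+(?=[^\W\d_])")
# Assumed lure keywords (voicemail / operator themes), spelled without ä and ö
LURE_WORDS = ("vastaajaviesti", "aaniviesti", "operaattori")

# Constructed sample messages, not captured traffic
SAMPLES = [
    "Sinulla on uusi vas+taajavi&esti: http://example.invalid/v?id=1",
    "Hei, nähdään klo 18 & syödään pizzaa/pastaa. https://example.invalid/menu",
    "Uusi vastaajaviesti odottaa sinua.",
]


def analyse_sms(text):
    """Return the individual signals found in one SMS body."""
    urls = URL_RE.findall(text)
    body = URL_RE.sub(" ", text)  # URLs legitimately contain / & % @
    noise_hits = INWORD_NOISE_RE.findall(body)
    # Normalise: drop every noise character, then lower-case for matching
    normalised = body.translate({ord(c): None for c in NOISE}).lower()
    return {
        "has_url": bool(urls),
        "inword_noise": len(noise_hits),
        "lures": [w for w in LURE_WORDS if w in normalised],
        "no_scandinavian": not re.search(r"[åäöÅÄÖ]", body),  # weak signal
    }


def is_suspicious(text, min_noise=2):
    """Flag a message that has a link, a lure keyword and in-word noise."""
    s = analyse_sms(text)
    return s["has_url"] and s["inword_noise"] >= min_noise and bool(s["lures"])


if __name__ == "__main__":
    for msg in SAMPLES:
        print(is_suspicious(msg), analyse_sms(msg))
```

Matching keywords on the normalised text is what defeats the character insertion; the in-word noise count on its own also fires on ordinary text such as "pizzaa/pastaa", which is why it is combined with the other signals.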
Via The Register