Traficom issues warning on Android malware attack in Finland

May 7, 2024

Finland’s Transport and Communications Department (Traficom) is warning users of an ongoing Android malware operation aimed at compromising online bank accounts.

The agency has spotted various instances of SMS texts written in Finnish instructing recipients to call a particular number. The scammer who answers the phone advises victims to download the McAfee app for safety.

The messages purport to come from banks or payment service providers such as MobilePay, and they use spoofing technology to appear to be from a domestic telecom operator or local network.

The McAfee program offered in the instructions contains malware that allows threat actors to access victims’ bank accounts. Reports stated that the download link provides a .apk application hosted outside the app store for Android devices.

Unfortunately, this is not antivirus software; it is malware to be installed on the phone. The OP Financial Group, a major financial services provider in the country, has also posted an alert about fraudulent letters imitating banks or governmental agencies on its website.

Authorities also warned that the software allows its operators to enter the victim’s bank account and transfer funds.

The Android malware operation exclusively targets Android smartphones.

Finland’s communication agency explained that the operation targets only Android smartphones; it has not recorded any distinct infection chain for Apple iPhone users.

The Finnish authorities have not determined the type of malware or revealed any hashes or IDs for the APK files, but experts claimed that the attackers use a new version of the Vultur trojan.

The newly released Vultur version uses hybrid smishing and phone call attacks to deceive targets into downloading a fake McAfee Security program, which divides the final payload into three sections to evade detection.

Its features include extensive file management operations, abuse of Accessibility Services, blocking specific apps from running on the device, disabling Keyguard, and displaying custom notifications in the status bar.

Authorities explained that Android users who have installed the malware-laden app should immediately contact their bank to enable protection measures, and restore the infected smartphone to “factory settings”, which wipes all data and apps.
