FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangs
EwDoor botnet targets AT&T network edge devices at US firms
Android banking malware infects 300,000 Google Play users
Finland warns of Flubot malware heavily targeting Android users
Microsoft Defender scares admins with Emotet false positives
FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangs
Finland warns of Flubot malware heavily targeting Android users
Smartwatches for children are a privacy and security nightmare
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Toksearches.xyz Search Redirect
Remove the Smashapps.net Search Redirect
Remove the Smashappsearch.com Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
Finland warns of Flubot malware heavily targeting Android users
Finland’s National Cyber Security Centre (NCSC-FI) has issued a “severe alert” to warn of a massive campaign targeting the country’s Android users with Flubot banking malware pushed via text messages sent from compromised devices.
This is the second large-scale Flubot campaign that hit Finland this year, with a previous series of attacks SMS spamming thousands of Fins each day between early June and mid-August 2021.
Just as it happened over the summer, the new spam campaign also uses a voicemail theme, asking the targets to open a link that would allow them to access a voicemail message or message from the mobile operator.
However, the SMS recipients are redirected to malicious sites pushing APK installers to deploy the Flubot banking malware on their Android devices instead of opening a voicemail.
Targets using iPhones or other devices will just get redirected to other fraudulent and likely also malicious pages such as phishing landing pages attempting to phish their credit card details.
“According to our current estimate, approximately 70,000 messages have been sent in the last 24 hours. If the current campaign is as aggressive as the one in the summer, we expect the number of messages to increase to hundreds of thousands in the coming days. There are already dozens of confirmed cases where devices have been infected,” the Finnish National Cyber Security Centre said in the alert issued on Friday.
“We managed to almost completely eliminate FluBot from Finland at the end of summer thanks to cooperation among the authorities and telecommunications operators. The currently active malware campaign is a new one, because the previously implemented control measures are not effective,” said NCSC-FI information security adviser Aino-Maria Väyrynen.
Android users who receive Flubot spam messages are advised not to open the embedded links or download the files shared via the link to their smartphones.
Be aware of malware spread by SMS

The #FluBot campaign has become active again, and the malware is being spread by SMS. Scam messages written in Finnish are being sent to tens of thousands of people in Finland.https://t.co/TRXQa5Jv9D
This banking malware (also known as Fedex Banker and Cabassous) has been active since late 2020 and is used to steal banking credentials, payment information, text messages, and contacts from infected devices.
Initially, the botnet mainly targeted Android users from Spain. However, it has now expanded to target additional European countries (Germany, Poland, Hungary, UK, Switzerland) and Australia and Japan in recent months, even though the Catalan police reportedly arrested the gang’s leaders back in March.
After infecting an Android device, Flubot spreads to others by spamming text messages to stolen contacts and instructing the targets to install malware-ridden apps in the form of APKs. Last month, Flubot also began tricking its victims into infecting themselves using fake security updates warnings of Flubot infections.
Once deployed on a new device, it will attempt to trick victims into giving additional permissions and grant access to the Android Accessibility service, allowing it to hide and execute malicious tasks in the background.
It then takes over the infected device, gains access to the victims’ payment and banking info via webview phishing pages overlayed on top of legitimate mobile banking and cryptocurrency apps’ interfaces.
Flubot also exfiltrates the address book to the command-and-control server (with the contacts later sent to other Flubot bots for pushing spam), reads SMS messages, makes phone calls, and monitors system notifications for app activity.
Those who have infected their devices with Flubot malware are recommended to take the following measures:
Flubot Android malware now spreads via fake security updates
Microsoft Defender scares admins with Emotet false positives
Android banking malware infects 300,000 Google Play users
APT37 targets journalists with Chinotto multi-platform malware
Windows Finger command abused by phishing to download malware
Not a member yet? Register Now
Microsoft Defender scares admins with Emotet false positives
DNA testing firm discloses data breach affecting 2.1 million people
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

800K WordPress sites still impacted by critical SEO plugin flaw

Russian hackers made millions by stealing SEC earning reportsThreat actors steal $80…

Samsung sued for flawed Chromebook hinges cracking displays

Ukraine links members of Gamaredon hacker group to Russian FSBSamsung Galaxy S21…

Windows 10 21H1 now in broad deployment, available to everyone

CISA orders federal agencies to fix hundreds of exploited security flawsUS sanctions…

Softbank plans to charge electronic gadgets using 5G antennas

State hackers breach defense, energy, healthcare orgs worldwideMediaMarkt hit by Hive ransomware,…