The Finnish Transport and Communications Agency's Traficom Cybersecurity Center warns of incoming scam messages via SMS that could lead to malware infection.
Packet-themed messages include a follow-up post here link and direct people to websites from which the Flubot malware is fed to your Android phone.
Currently, the scam is being spread at least on behalf of DHL.
Opening the website does not yet cause an infection.
Yes, the answer to the next question is yes.
The website provides a .apk file for download to your phone, which should not be accepted under any circumstances.
What makes it confusing is that accepting a download is the default option.
When a website offers malware to download, the user receives such a prompt.
The function must be canceled immediately.
The picture is from a scam sent in the name of Posti previously seen.
Photo: Henrik Kärkkäinen
Read more: If the phone displays such a message, do not answer in the affirmative under any circumstances
Text messages come to all phones, but the malware doesn’t work on the iPhone.
The malware is quite advanced and can steal data from the device as well as forward text messages spreading the malware from the device or send paid messages abroad.
Scam pages and messages are now very credibly made.
Photo: Cyber Security Center
Once launched, the malware requests extensive permissions on the device, after which it begins to steal data from the device.
According to security company F-Secure, Flubot can steal passwords, usernames, personal information and bank IDs.
The Cyber Security Center states that if the user has already installed the malware, immediate action should be taken.
Reset the device to factory settings.
You will lose unsupported data, but you will prevent the malware from proceeding further.
If you used a banking application or processed credit card information on a contaminated device, contact your bank.
Report financial losses as a criminal offense.
Change passwords for services you have used on your device.
The malware may have stolen your password if you logged in to the services after installing the malware.
Contact your telecom operator, as you may have received paid messages from your subscription.
Android malware currently on the move spreads itself through text messages from infected devices.
The Cyber Security Center has previously warned of FakeCop / FakeSpy / RoamingMantis malware, which works similarly to FluBot.
Read more: This is the kind of malware currently being spread on Finnish phones - “We can talk about an epidemic”
The quality of scam messages has steadily improved and today it can be very difficult to distinguish them from genuine commercial and government messages.
Read more: Comment: The “scam message” was a genuine vehicle tax announcement - now an important limit has been exceeded