The National Cyber Security Centre (NCSC-FI) at the Finnish Transport and Communications Agency has issued a “severe alert” to warn of a massive campaign targeting the country’s Android users with Flubot banking malware pushed via text messages sent from compromised devices.

The FluBot malware that caused trouble among Android users earlier this year is being spread again. In the past few days, the National Cyber Security Centre has received increasing numbers of reports about dozens of message variants used to spread the malware.

“According to our current estimate, approximately 70,000 messages have been sent in the last 24 hours. If the current campaign is as aggressive as the one in the summer, we expect the number of messages to increase to hundreds of thousands in the coming days. There are already dozens of confirmed cases where devices have been infected,” the Finnish National Cyber Security Centre said in the alert issued on Friday.

“We managed to almost completely eliminate FluBot from Finland at the end of summer thanks to cooperation among the authorities and telecommunications operators. The currently active malware campaign is a new one, because the previously implemented control measures are not effective,” said NCSC-FI information security adviser Aino-Maria Väyrynen.

Buy Me A Coffee

Android users who receive Flubot spam messages are advised not to open the embedded links or download the files shared via the link to their smartphones.

IF YOUR DEVICE HAS BEEN INFECTED WITH FLUBOT

  • Perform a factory reset on the device. If you restore your settings from a backup, make sure you restore from a backup created before the malware was installed.
  • If you used a banking application or handled credit card information on the infected device, contact your bank.
  • Report any financial losses to the police.
  • Reset your passwords on any services you have used with the device. The malware may have stolen your password if you have logged in after you installed the malware.
  • Contact your operator, because your subscription may have been used to send text messages subject to a charge. The currently active malware for Android devices spread by sending text messages from infected devices.
READ
LiteSpeed Cache Fixes Major Security Flaw Allowing Privilege Escalation on WordPress Sites