In Finland, cyber attacks using android malware are on the rise, prompting warnings from the Local Agency for Transport and Communications (Traficom).
Fraudsters are sending SMS messages in Finnish, posing as banks and payment systems like Mobilepay, to trick victims into installing a fake McAfee application under the guise of protection. This malicious app actually gives attackers access to victims’ bank accounts.
The messages typically include a link to download the application in “.APK” format, which is not from the official Android app store. Despite this red flag, many unsuspecting users are falling for these deceptive tactics.
The OP financial group, one of the largest financial services providers in Finland, has also issued a warning about these fraudulent messages. The police have highlighted that the malicious software enables attackers to siphon money from victims’ bank accounts. In one reported case, a victim lost a staggering 95,000 euros.
Traficom agency has confirmed that the cyber attack is specifically targeting Android users. Analysts from Fox-IT suggest that the exploitation of users’ trust in the McAfee brand may be linked to a known campaign for spreading the Trojan Vultur through a combination of SMS phishing and phone calls to deceive unsuspecting victims into installing harmful software.
The latest version of Vultur boasts enhanced file management capabilities, abuse of accessibility services, app blocking, Keyguard deactivation, and the ability to send fake push notifications.
Google has reassured users that Play Protect, the built-in Android security feature, offers automatic protection against all known variants of Vultur, emphasizing the importance of keeping it activated at all times.
OP has reiterated that they never request customers to disclose confidential information over the phone or install applications for transactions. If such requests are received, they should be reported to the bank’s support service and law enforcement immediately.
In the event of a malicious app installation, affected users are advised to contact their bank immediately, reset their device to factory settings to remove any malicious software, and change all banking system access passwords as a precaution.