Android malware is wiping out bank accounts in Finland


An ongoing Android malware attack is targeting online banking accounts, say Finnish authorities.

Finland's Transport and Communications Agency (Traficom) is warning that victims may get an SMS from a local phone number in Finnish, urging them to dial a service number. Doing so leads to the installation of malware on an Android device.

The attacks are targeting Android users as the malware does not work on iPhones. The authorities have not yet revealed the malware type.

In a notice on May 3rd, authorities explained that the malicious messages might state that the recipient has a debt collection claim or strange account events, urging them to call the given service number.

Individuals who dialed the service number were advised that the suspicious activity is likely to be a fraud and that security measures should be implemented for their device.

While on the call, another text message containing a malicious link was sent to the caller. This link purported to provide downloadable antivirus. However, it actually led to the installation of malware disguised as McAfee antivirus software.

A Helsinki police notice on April 26th informed about an increasing number of cases where malicious software has been installed on individual phones. In one case, the victim lost €95,000 from their bank account.

Traficom advises people to exercise caution and avoid responding to suspicious messages or downloading any applications from sources other than the official app store. They stress that banks or authorities never request customers to provide online service credentials, make payments, or install applications over the phone.

If a user unwittingly installs the malware, authorities strongly recommend taking immediate action:

  • Reset the device to factory settings to remove the malware.
  • Contact the bank promptly to minimize financial repercussions.
  • Secure all affected accounts by changing passwords.
  • File a criminal report with the police to document the incident and aid in investigations.

Android is targeted

Last week, other reports about malware targeting Android were released. ThreatFabric analysts discovered the new trojan Brokewell, which includes a powerful feature set that allows attackers to take over user devices and steal data.

The trojan hijacks the infected phone’s screen to capture user credentials and other inputs. Additionally, it steals cookies and sends them to the command-and-control server. It also records every event on the device: touches, swipes, displayed information, text input, and opened applications.

Analysts warned that this malware poses a significant threat to the banking industry and users. It allows attackers to remotely access all assets available through banking apps.