Finnish authorities warn of new wave of malware text messages

Communications agency Traficom says that people in Finland received 70,000 malicious messages within one day, and predicts that the number will rise.

The malware particularly targets phones using the Android operating system (file photo). Image: Derrick Frilund / Yle

The Transport and Communications Agency (Traficom) has warned of a resurgence of scam messages spreading malicious software known as FluBot. The agency said on Friday that the malware, which has proliferated in Finland in recent days, targets users with Android devices and mobile subscriptions. The malicious software can steal data from a phone if the user clicks on a link in an SMS.

Traficom predicts that the volume of messages will increase in the coming days.

The agency cites reports received by the National Cyber Security Centre (NCSC-FI) indicating that scam text messages written in Finnish have been sent to tens of thousands of people in Finland.

Fraudsters send a variety of text messages with different wording and links. While the messages are written in Finnish, they do not include Scandinavian characters (å, ä and ö). They also include characters such as +, /, &, % and @ in illogical places in the text, which makes it more difficult for telecommunications operators to filter the messages.

The SMS may claim that the recipient has received a voicemail message or a message from their mobile operator. All the messages urge the recipient to open the link in the message.

Clicking on the link does not immediately install the malware, though. Users are asked to allow the installation. The malware may also steal data from the device and send more malware-spreading scam messages.

"According to our current estimate, approximately 70,000 messages have been sent in the last 24 hours. If the current campaign is as aggressive as the one in the summer, we expect the number of messages to increase to hundreds of thousands in the coming days. There are already dozens of confirmed cases where devices have been infected," Traficom said in a statement on Friday.

While the malware targets Android phones, texts are also sent to other devices. For example, iPhone users are directed to various fraudulent sites that phish for credit card details, among other attempts at fraud.

Record number of e-scams this year

Traficom says that anyone who unwittingly installs the malware should immediately carry out a factory reset of the device. When restoring from a backup, ensure that the backup was created before the infection.

The previous wave of scam messages carrying the FluBot bug was detected in Finland last June and July. At that point, the messages claimed to notify recipients of parcel deliveries, with links to a purported tracking site. Later, fraudsters have sent messages referring to voicemail.

Authorities have reported an upsurge in electronic fraud during the pandemic. Last week Finnish police said that online scammers have conned victims in the country out of 33 million euros so far this year, up from last year's record of 25 million.