Blog Layout
The Cybersecurity Lair™ • May 6, 2024

Latest News | Beware: Android Malware Scheme Threatens Finnish Bank Accounts

Finland's Warning: Android Malware Targets Bank Accounts via Deceptive Messages

Finland's Transport and Communications Agency (Traficom) has issued a warning regarding an Android malware campaign targeting online bank accounts. The scam involves SMS messages appearing to be from banks or payment service providers, instructing recipients to call a number. Victims are then directed to install a fake McAfee app, which is actually malware allowing threat actors to access bank accounts. The OP Financial Group also issued an alert about these deceptive messages. The police highlighted the severity of the threat, mentioning a victim who lost €95,000. The campaign exclusively targets Android devices, with no separate infection chain for iPhone users. While the specific malware type hasn't been confirmed, it resembles the Vultur trojan, which utilises smishing and phone call attacks to distribute a fake McAfee Security app. Victims are advised to contact their bank immediately if they suspect infection and restore factory settings on their devices. Google's Play Protect offers some defence against known versions of Vultur.


Key Actors:



  • Finland's Transport and Communications Agency (TRAFICOM)
  • OP Financial Group
  • Authorities in Finland
  • TRAFICOM Cyber Security Center
  • Google


Key Events:


  1. Traficom warns about an Android malware campaign targeting online bank accounts.
  2. SMS messages, impersonating banks or payment service providers, instruct recipients to call a number.
  3. Victims are directed to install a fake McAfee app, which is actually malware.
  4. The malware allows threat actors to access victims' bank accounts.
  5. The OP Financial Group issues an alert about the deceptive messages.
  6. Police highlight the severity of the threat, mentioning significant financial losses.
  7. The malware campaign exclusively targets Android devices.
  8. The malware resembles the Vultur trojan, utilising smishing and phone call attacks.
  9. Victims are advised to contact their bank and restore factory settings on infected devices.
  10. Google's Play Protect offers some defence against known versions of the malware.

Technical Analysis:


The malware campaign utilises SMS messages and spoofing technology to impersonate legitimate banks, tricking victims into installing a fake McAfee app. This app, disguised as antivirus software, is actually malware allowing unauthorised access to victims' bank accounts. The malware resembles the Vultur trojan, employing hybrid smishing and phone call attacks. Notably, the malware's latest version introduces sophisticated evasion techniques, including extensive file management operations and abuse of Accessibility Services. Victims are urged to take immediate action by contacting their bank and restoring factory settings on infected devices.


Source and further reading.


Kyberturvallisuuskeskuksen viikkokatsaus - 18/2024 | Kyberturvallisuuskeskus. (2024, March 5). Kyberturvallisuuskeskus. https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberturvallisuuskeskuksen-viikkokatsaus-182024


Toulas, B. (2024c, May 3). Finland warns of Android malware attacks breaching bank accounts. BleepingComputer. https://www.bleepingcomputer.com/news/security/finland-warns-of-android-malware-attacks-breaching-bank-accounts/


Toulas, B. (2024c, April 3). Vultur banking malware for Android poses as McAfee Security app. BleepingComputer. https://www.bleepingcomputer.com/news/security/vultur-banking-malware-for-android-poses-as-mcafee-security-app/#google_vignette

Share by: