Finland Faces Bank Hacking Surge: Watch Out!

In Finland, cybercriminals have intensified their efforts, deploying malicious Android applications aimed at hacking bank accounts, as warned by the local Finnish Transport and Communications Agency (Traficom).

These fraudsters are sending SMS messages in Finnish, impersonating banks and payment systems like MobilePay, and urging victims to install a McAfee app purportedly to protect their finances. In reality, this app is fraudulent and provides criminals access to the victims’ bank accounts.

The criminals can pose as local telecommunication operators using spoofing techniques. The messages typically contain a link to download the application in an “.apk” format, hosted outside the official Android app store. This should raise alarms for recipients, yet many Android users still fall for such deceit.

OP Financial Group, one of the country’s largest financial service providers, has also issued warnings about these fraudulent messages. The police emphasize that the malware enables its operators to transfer money from the victims’ bank accounts. In one instance, a victim lost an astonishing €95,000.

Traficom specifies that the attack targets exclusively Android users. According to analysts from Fox-IT, the exploitation of trust in the McAfee brand may be linked to a known campaign spreading the Vultur trojan, which now utilizes a mixed method of SMS phishing and phone calls to persuade victims to install the malware.

The new version of Vultur features enhanced file management capabilities, abuses accessibility services, blocks the execution of certain apps, disables Keyguard, and can send fake push notifications.

Google has previously stated that the Android-native tool, Play Protect, which is designed to combat malicious software, automatically protects users against all known versions of Vultur, hence it is crucial to keep this feature active at all times.

OP clarifies that it never asks clients to share confidential information over the phone or to install any apps for executing or canceling payments. Any such requests should be immediately reported to the bank’s support service and the police.

If malicious software is installed, users must urgently contact their bank, perform a factory reset on the device to ensure all malicious applications are eradicated, and, if possible, change all passwords for accessing the banking system.