BleepingComputer reports that online banking accounts across Finland were noted by the country's Transport and Communications Agency, or Traficom, to have been targeted by ongoing Android malware attacks.
Intrusions commenced with attackers spoofing payment service providers and banks to deliver SMS messages ordering recipients to contact a number, which would then instruct the installation of a bogus McAfee app, according to Traficom. Such app conceals malware that could infiltrate online banking accounts and facilitate fund transfers, Traficom added.
No further information regarding the malicious payload has been provided but the techniques used in the campaign were noted to be similar to recent attacks leveraging an updated Vultur trojan variant, which also involved the download of a fraudulent McAfee Security app.
Such a payload was reported by Fox-IT researchers to have been improved to facilitate Accessibility Services exploitation, Keyguard deactivation, comprehensive file management operations, custom notification delivery, and certain app execution restrictions.
