A masked man stealing money from a digital bank.

Finland Warns Of New Android Malware Targeting Online Banking Accounts

Finland’s communications authority, Traficom, has issued an urgent warning of an ongoing Android malware campaign. This malware attack is primarily targeting Finnish citizens and tries to steal their internet banking information.

Traficom, has detected many cases of Finland SMS messages (Smishing) aimed to spread malware. The purpose of these messages is to infect Android smartphones with malware by asking the users to call a helpline that is allegedly connected to their local network or domestic telecom provider.

Fraudulent messages claiming to be from banks or payment service providers, typically using spoofing technology, are becoming more widespread.

Scammers Use Fake Finland SMS (Smishing) to Spread Malware
Scammers Use Fake Finland SMS (Smishing) to Spread Malware (Traficom)

In these scams, attackers posing as employees of trustworthy companies suggest victims install a McAfee program under the premise of improved protection. However, scammers use this malicious software to obtain financial and personal information about their victims.

Malware allows attackers to take control of a phone, even if the screen is locked. The attackers may access all saved messages and programmes on the smartphone without any limitations due to this malicious application.

According to Traficom’s alert:

According to reports received by the Cyber Security Center, targets are encouraged to download a McAfee application. The download link offers an .apk application hosted outside the app store for Android devices. However, this is not antivirus software but malware to be installed on the phone.

Helsinki police released a notice on April 26th that draws attention to an alarming trend, an increase in reports of malicious apps being installed on mobile devices. In a particularly alarming case, a victim lost €95,000 from their bank account.

The OP Financial Group, a major financial services provider, has published a notice on its website about fraudulent letters imitating banks or national agencies.

Authorities in Finland have not disclosed any hashes or IDs for the APK files, nor have they determined the sort of malware. The attacks are similar to those identified by Fox-IT researchers as being related with a new version of the Vultur trojan.

The most recent version of Vultur has emerged, using a combination of smishing and phone call methods to trick people into installing a fake McAfee Security programme. This malicious programme hides its payload in three unique phases, boosting evasion strategies.

New features include the ability to use Accessibility Services, handle complex file management, limit apps, deactivate Keyguard, and show personalised alerts in the status bar.


The malware targets Android smartphones, primarily aiming to steal money from victims’ online banking accounts. It’s important to ignore suspicious messages and to avoid downloading any apps from sources other than the official app store. If installed accidentally, you should contact your bank immediately to minimize the risk of damage and file a criminal complaint for the incident.

It’s important to check the reviews and ratings of any application on official Android app stores, including the Google Play Store, Samsung Galaxy Store, or Amazon Appstore, before installing it.

Pay close attention to the permissions required during app installation. Malicious apps designed to spread malware often request unnecessary access to your device. For example, a simple utility software like a calculator doesn’t require access to your images or contacts.

Google verifies that Play Protect, Android’s built-in anti-malware technology, offers automated protection against Vultur versions that are known to exist.

At Phishing Tackle, we know all too well that security technology is often left incorrectly configured, demonstrated by our free Domain Spoofing Test which currently gets past around 50% of users security systems.

Security Awareness Training remains one of the most cost-effective methods of boosting cyber-security within your business. Have a look at our free Click-Prone® Test to find out how many of your staff are susceptible to a phishing attack and learn how you can reduce this number today.

Recent posts