An alert was issued by the National Cyber Defense Institute of the National Security Service (NBSZ NKI) because of the increase in the number of SMS containing malicious links sent by fraudsters on behalf of parcel service providers. Further information on the case was published on Thursday night, and on Friday, the ORFK held a Facebook live press conference on the current epidemiological situation, which focused on the recent increase in new parcel SMS fraud and related investigations
At the event, Olivér Bor, a spokesman for the National Cyber Defense Institute of the National Security Service, and Viktor Halász r.
Viktor Halász said: this is an extensive virus campaign that affects thousands of people in Hungary: the Institute for Cyber Defense in the last 48 hours received more than 2,500 notifications. Unfortunately, many people have also clicked on the URL, but the number of infected devices is low, but they would not yet give an estimate.
According to the information, the malicious code will have access to all functions of the phone (SMS , MMS, Bluetooth, NFC) and all data. Because phone numbers are not tied directly to the perpetrators, or even the links, professionals are in a difficult position. Analyzing the source code of the virus, they came to the conclusion that it is a sophisticated virus, using a separate encryption method. Compared to similar viruses, they need to find not only the target server, but also what the perpetrators are currently using. This makes investigators race. The source code of the malware is analyzed by domestic and international experts, so the police say there is a realistic chance of finding the control server.
It is important that if you have installed the virus, your device will spread the malicious code and access the banking system. and our financial data. The basic function of malware is to copy and mirror financial interfaces, so the given codes are not given to netbank, but sent to hackers. It is not yet known whether there is a Hungarian perpetrator in the international cybercrime team
This should be known about SMS
Unpaid they are trying to obtain money or data by referring to a shipping fee, as well as trying to get malicious code downloaded by users of android devices. In text messages, fraudsters in some cases place a link that they try to open to the recipient, for example, referring to the tracking of a shipment. If the victim opens the link received in the message, a website will appear that mimics the login interface of the real parcel company well. In other cases, an application is requested to download the parcel, but instead of the supposed application, a data-stealing virus is installed, giving fraudsters access to almost all services.
Who is involved?
The NBSZ NKI suggests that whoever receives such a message receive it, search for it on the official website of the company, and check the authenticity of the message by logging in there. Never click to download the application in the message, and if you have opened it, perform a factory reset on the affected device immediately. According to the current knowledge, the malware targets the users of the following applications:
- MKB Mobile Application
- K&H mobilbank
- Budapest Bank Mobill App
- OTP SmartBank
- UniCredit Mobile Application
- George Hungary
Crypto exchanges, online Crypt Wallets:
- Blockchain Wallet
- Coinbase – Buy & Sell Bitcoin Crypto Wallet
- Binance – Buy & Sell Bitcoin Securely
- Blockchain Wallet
However, based on the malware scan, the above list may change, as the list of targeted applications is not pre-recorded in the malware.
This happens when we click
In the case of devices affected by infection, the FluBot malware constantly monitors the devices
If the program detects the launch of an application related to financial or cryptocurrencies, it “masks” the original application (a so – called. overlay technique) and, in addition to the original application, opens a phishing interface similar to the original, which is able to extract and transmit user (username, password) data to an external control server.
What to do ?
The Institute for Cyber Protection recommends that all steps for FluBot infections be taken in the following order:
- Download and install the “FluBot Malware Uninstall” application from the Google Play Store.
- The infected device has Wi-Fi and end your mobile data connection.
- Follow the instructions on the screen.
- Follow the instructions to remove the malware.
- Follow the on-screen instructions to cancel the default launcher selection.
- Uninstall an application called “FluBot Malware Uninstall”
If the infection cannot be eliminated with the application “FluBot Malware Uninstall”, it is recommended:
- about the data stored on the device (eg photos, contacts, etc.) and then
- restore the device to the factory settings.
Fraudulent messages can be reported to the e-mail address [email protected] or on the nki.gov.hu website. the sender’s telephone number and the reference in the message must be provided. Hardware, software, tests, curiosities and colorful news from the world of IT by clicking here