learn to track

Scammers Trick Android Users with Fake Antivirus Apps, Draining Bank Accounts

TL;DR: Android users in Finland are being tricked into installing a fake McAfee antivirus app that can drain their bank accounts. The scam involves smishing and phone calls, urging users to sideload the malicious app. Stay vigilant and avoid sideloading apps.

A new Android malware campaign is using cunning tactics to trick users into installing a malicious app that can empty their bank accounts. While this particular campaign currently targets users in Finland, it serves as a stark reminder of the devious methods hackers employ to deceive people into installing malware.

The Scam Unfolds

According to Finland’s Transport and Communications Agency (Traficom), the attack begins with a text message instructing the recipient to call a phone number. When they comply, a scammer on the other end directs them to install a McAfee app for protection. The initial text messages appear to come from banks or payment service providers, using spoofing technology to lend an air of legitimacy to the request.

However, no bank or financial service provider would ever ask customers to sideload an app, making this a clear red flag.

Sideloading: A Major Red Flag

The fake McAfee app arrives as an Android APK file, requiring users to sideload it onto their phones. This is a significant warning sign, as legitimate apps are typically downloaded from official app stores like the Google Play Store.

Despite the obvious red flags, many Finnish users have fallen victim to this scam, with one individual losing over $100,000. The scam has become so widespread that OP Financial Group, a financial service provider, has issued a separate alert on its website, cautioning customers about text messages impersonating banks or national authorities.

Similarities to Vultur Banking Trojan

Although Finnish authorities didn’t specify the malware strain used in this campaign, BleepingComputer noticed similarities to a recent Vultur banking trojan campaign from earlier this year. This new Vultur variant employs a combination of smishing (phishing over SMS) and phone call attacks to persuade potential victims to download a fake McAfee Security app – a nearly identical attack scenario to the one used in this new campaign.

Steps to Take if Infected

If you’ve accidentally installed this malicious app posing as McAfee, take immediate action:

  1. Call your bank to enable protective measures
  2. Factory reset your compromised Android phone to wipe the malware

While you’ll lose your apps and data, it’s essential to remove the malware from your device.

Staying Safe from Android Malware

Android malware can have devastating consequences if you’re not vigilant. To protect yourself:

  • Avoid sideloading apps
  • Check ratings and reviews of apps before downloading
  • Watch video reviews to see the app in action
  • Pay attention to app permissions, especially Accessibility Services
  • Ensure Google Play Protect is enabled
  • Consider installing a reputable Android antivirus app

Stay alert and don’t let emotions cloud your judgment when dealing with messages or communications from unknown senders or those posing as someone they’re not. Scammers and hackers will continue to devise clever ways to infect users with malware, so it’s crucial to remain cautious online.


Add comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.