Weekly review 41

19.10.2021 - The number of reports was very high last week. This was due, among other things, to a spate of spam advertising bitcoin investments and over a hundred reports of text messages with an alleged voicemail that led to Android malware. Another topic for the NCSC last week was a new scam involving online review systems.

Text message with alleged voicemail leads to malware

Last week, the NCSC received over a hundred reports of a text message asking the recipient to listen to a voicemail at the link provided. The website that opened after clicking on the link appeared at first glance to be a page of the corresponding mobile phone provider (in this case, Swisscom or Sunrise) on which the voicemail data could be seen and the voicemail could be downloaded.

Text message with the link to the banking Trojan

At second glance, however, it becomes apparent that an Android app must first be downloaded in order to listen to the voicemail. As could be expected, this app is malware, which then infiltrates the mobile phone. The FluBot malware specialises in stealing text messages from Android mobile phones, among other things. The aim is to find one-time passwords for banking applications in the stolen text messages. The data thus obtained enables the attackers to also abuse applications with two-factor protection in cases where the second factor is sent via text message. The attackers can log on to the bank with user names and passwords which they have usually stolen beforehand, and can then also use the malware to receive the text message verification code.

Download page for the Trojan disguised as a voicemail app

However, the FluBot malware not only steals data; it can also suppress the notification function of the infected smartphone. This means that users do not even notice that the bank has sent them an authentication text message.

This malware first appeared in Switzerland in June 2021 and the NCSC received several reports about it at that time. The malware itself hides deep in the infected operating system and it is almost impossible to uninstall it completely. Restoring the factory settings for the operating system is the only reliable way of getting rid of the malware.

Even though this malware only attacks Android devices, users of devices with the iOS operating system must also be careful and should not click on any links in text messages.

  • Do not install any software that is offered outside the operating systems' official stores.
  • In particular, you should not install any software received via a link in a text message or other messenger service (WhatsApp, Telegram, etc.).
  • If you nevertheless installed such software, you should have the device checked by a specialist and should not carry out any banking transactions or online shopping. Do not enter any passwords either.
  • Restoring the factory settings on the infected device is almost the only way to remove the malware.

Online reviews are of interest to blackmailers, too

This week, online customer reviews featured in various media. Such reviews are very helpful for customers when they want to find out in advance about an online store, a shop or a restaurant. However, since such reviews also influence customer behaviour, it is clear that there are also individual advertisers who try to manipulate such reviews in their favour or to the competitor's disadvantage. Companies specialised in "optimising" such reviews also exist.

However, a case that was reported to the NCSC last week shows that it is possible to be even bolder. An (unjustified) bad review was posted for a company on a review portal. It was written in such detail that the readers believed it to be authentic. Shortly after the review was published, someone contacted the company and offered a service to remove the bad review.

The chronological sequence would appear to suggest that the two events are connected and that this is a blackmailing scam. Even if this is not the case, such offers are usually fraudulent and promise more than they deliver.  

  • Be sceptical if someone offers you an unsolicited service by phone or email.
  • In such a case, be sure to note down all available information, such as the exact time, the number of the person calling and other details concerning the contact. This information can help you defend yourself against unjustified reviews.
  • As soon as you notice a fake review, inform the operators of the review portal.

Last modification 19.10.2021

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/wochenrueckblick_41.html