Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Technology

Finland Battles 'Exceptional' Malware Attack Spread by Phones (bloomberg.com) 27

Finland is working to stop a flood of text messages of an unknown origin that are spreading malware. From a report: The messages with malicious links to malware called FluBot number in the millions, according to Aino-Maria Vayrynen, information security specialist at the National Cyber Security Centre. Telia Co AB, the country's second-biggest telecommunications operator, has intercepted some hundreds of thousands of messages. "The malware attack is extremely exceptional and very worrying," Teemu Makela, chief information security officer at Elisa Oyj, the largest telecoms operator, said by phone. "Considerable numbers of text messages are flying around."
This discussion has been archived. No new comments can be posted.

Finland Battles 'Exceptional' Malware Attack Spread by Phones

Comments Filter:
  • ugh (Score:5, Insightful)

    by cascadingstylesheet ( 140919 ) on Tuesday November 30, 2021 @09:13AM (#62033151) Journal

    Many of the messages claim that the recipient has received a voice mail, asking them to open a link. On Android devices, that brings up a prompt that requests user to allow installation of an application that contains the malware, and on Apple Inc.’s iPhones users are taken to other fraudulent material on the website, authorities said.

    Okay ... literally anybody can text you anything. Why, in 2021, would you just tap random links, and then agree to install random stuff????

    The only thing "exceptional" about this seems to be the scale of this particular campaign.

    • Re:ugh (Score:5, Insightful)

      by Anonymous Coward on Tuesday November 30, 2021 @09:31AM (#62033197)
      Yes, it's 2021.

      Have you not seen at least some of the totally nonsensical COVID shit that gets shared over and over, while if you take a closer look it quickly falls apart?

      Have you not seen how many people still fall heads over heels for it?

      How many people will take some random miracle cures because some other dumbass that they trust recommended it, while say that vaccines have killed more than any disease?

      And have you not seen how many are even ready to become violent over this shit?

      If anything 2021 has shown us that there's lots of very stupid people.
      • Re:ugh (Score:4, Interesting)

        by GameboyRMH ( 1153867 ) <<moc.liamg> <ta> <hmryobemag>> on Tuesday November 30, 2021 @10:59AM (#62033413) Journal

        The world got away with having a lot of very stupid people for a very long time due to a relatively safe and placid environment from WW2 to the 2010s - no major wars or pandemics or Great Depression level economic collapses, at least in the first world. The "marketplace of ideas" philosophy had us accidentally spreading terrible ideologies with the misconception that discussing and debating them was totally harmless or possibly even beneficial, and treating the growing presence of an increasingly unhinged conspiracy theory culture as a benign part of a healthy liberal democracy. Then in the mid-2010s the political consequences came, and now in the 2020s the health care consequences have also come home to roost. In the mid-2020s the US will probably fall to authoritarianism like Turkey and Hungary did, and it may even happen with popular support.

        A democracy can only be as good as the average voter's education.

        • We're in the midst of the fall right now. The ideological swing to authoritarianism has been progressing quite steadily since 9-11-2001. "Protect us" and "make a law" for every little tiny thing, begging mommy government to be our savior. That shit has consequences. The next time we elect an egotistical maniacal person that ISN'T a bumbling fool and is actually a cold, calculating intelligent authority figure, we're fucked. Take Trump and give him charisma and intelligence rather than bumbling and babb

          • It's slightly more complex than that, at least in the US. In the US, part of our problem is full-blown paralysis. People on the right will say that we're making too many laws, but the truth is that you can't get a law through congress unless there's a full-blown "we need to pass this or the country collapses TOMORROW" situation. Even then, it's dicey. The US has nearly defaulted several times because the "insert name of party out of power" decided to vote no just because. It's become nearly impossible to pa
            • But Trump wasn't able to get jack squat done.

              If only! He got A LOT done, with a pace of change the left can only envy: Comprehensive immigration "reform" led by Serious Business white nationalist Stephen Miller, wide-ranging environmental and financial deregulation, wide-ranging tax "reform" shifting even more wealth to the 1%, "planned" and intiated a half-baked but hasty pull-out from Afghanistan, trashed the Iran nuclear deal because...reasons (???), totally reworked American foreign policy (for the worse). Trump "got more done" than any President

              • I think you're wrong on that one. Trump, like most previous presidents for the last 40 years, accomplished very little.

                Take immigration. Trump barely budged the needle . Neither did Obama, or Bush or Clinton. They all talked different about it, but the US immigration rates follow generation-scale shifts that have almost nothing to do with presidents. Check this out: https://www.migrationpolicy.or... [migrationpolicy.org]

                Trumps "tax reform" was a standard old-fashioned tax cut, virtually the same as the one that every re
            • by Teun ( 17872 )
              The only way American politics can be fixed is taking out the factor of money for elections.
              The US system of 'donations', PAC's etc. has absolutely noting to do with democracy.
    • Okay ... literally anybody can text you anything. Why, in 2021, would you just tap random links, and then agree to install random stuff????

      Well, the old adage build better protections and you’ll just get bigger idiots seems to be coming true. I can only expect the end of this arms race will be when someone inadvertently destroys the planet.

      • I can only expect the end of this arms race will be when someone inadvertently destroys the planet.

        Fortunately, that guy is no longer in office, even the bare-chested man with the fur-hat couldn't save him.

        • Manbearpig will soon be fed to the Lizard Queen.
          Then the Superhippies will be born, to bamboozle the world with their Kaleidoscope Eyes.
          Senator Dopey will be frozen in carbonite.
          A new era of the Republic will begin!

    • Okay ... literally anybody can text you anything. Why, in 2021, would you just tap random links, and then agree to install random stuff????

      The average person doesn't have any idea how anything works. They don't know that the text they are reading is lying to them. They don't know that opening a link in a browser could be bad. They don't even know that installing an app could be bad.

    • Okay ... literally anybody can text you anything. Why, in 2021, would you just tap random links, and then agree to install random stuff????

      Thank you. That was my thought as well. If the text isn't from someone you know or from a known source (foreign countries use texting more than the U.S. to communicate to their citizens), why even look at the text? Delete it.

      Personally, I find it amusing when I get my one or two random texts a month which looks like a two year old banged on a keyboard. Not o
    • Okay ... literally anybody can text you anything. Why, in 2021, would you just tap random links, and then agree to install random stuff????

      Because for years now, self-described "security experts" who should have known better have pushed this half-baked "two-factor" authentication. We have finally convinced (most) people that they shouldn't blindly trust anything they read in an email. Unfortunately, we've also convinced those same people that if the scam email is accompanied by an SMS, then it is 100% true and they should do what it says.

      It's also had the side effect of forcing people to get mobile phones, because nothing on the web works with

  • If unrelated but I have been finding malicious SMS put on the same thread as the legitimate messages and no way to see the real number where they were sent.

    When your bank sends you codes and have a long historic feed, including internal legit messages with links, you don't consciously bat an eye when on the same thread you receive a message that looks legit but is a Scam.

    If they somehow can spoof the "identifier" and the app uses that as the only way to organize them and also refuses to show you the number

    • Toss that phone in the rubbish can where it belongs. The *only* identifier to be used for grouping SMS is the phone number, there simply is no other identifier. In an SMS, there's no Message-id, no In-Reply-To header, nor even Subject.
      • Re: (Score:3, Informative)

        by Anonymous Coward
        It is possible to spoof the sending phone number. https://en.wikipedia.org/wiki/SMS_spoofing [wikipedia.org]
      • by pat888 ( 2188172 )

        Toss that phone in the rubbish can where it belongs. The *only* identifier to be used for grouping SMS is the phone number, there simply is no other identifier. In an SMS, there's no Message-id, no In-Reply-To header, nor even Subject.

        I have an up to date iPhone and it does the same. I've had a few spam texts claiming to be from a bank that I do use. The phone shows these texts at the top of a list that contains genuine texts from the bank.

      • The *only* identifier to be used for grouping SMS is the phone number, there simply is no other identifier.

        And anyone is free to put anything in the "sender" phone number.
        In fact lots of companies (including a few banks) use that feature to put some "helpful text" in the sender feed (like the name of the bank instead of their phone number).

        All it takes is somebody spoofing the correct data in the sender feed and done. The smartphone will helpfully try to group the attack message in the same thread as the legitimate that happen to have the exact same sender.

        NOTE: Your specific service provider might be forcing th

        • by Teun ( 17872 )
          In an html mail the real link can be obfuscated, not so in an SMS.
          People have to read the damn address where the link points to and then decide if it's kosher.
          Links using a URL shortener are by default bad.
  • called "malware campaign" all through the year, and "lame-ass New Year's wishes" on December 31st.

The unfacts, did we have them, are too imprecisely few to warrant our certitude.

Working...