FBI Issues Malware Warning to Android Phone Users
The FBI is warning Android device owners about Loozfon and FinFisher.
The FBI's Internet Crime Complaint Center (IC3) issued a warning to Android smartphone owners on Friday that points to two specific pieces of malware: Loozfon and FinFisher. The IC3 also provides a list of safety tips that will help protect smartphones from hackers.
In the public warning, the FBI said that criminals are using different versions of Loozfon. One scheme is a work-at-home opportunity that promises big money by just sending out email. Another scheme involves links to a subscription-based dating service that supposedly helps women meet rich men.
In both scenarios, when the user clicks on the link to find out more, they're directed to a website that pushes the Loozfon malware app onto the device. If installed, it then steals contact details from the address book and the user's phone number.
During the summer, Symantec said this particular malware targets female Android users in Japan. "If this trick does not work, the criminal group has another trick up its sleeve. It also sends spam that states that the sender of the email can introduce the recipient to wealthy men. When the link included in the body of the email is clicked, the malware is automatically downloaded onto the device," the firm said.
Symantec said the criminals are likely harvesting email addresses and phone numbers to send spam to the user's contacts in hopes of luring them to the fake sites, and/or to sell the data to another group of spammers.
But with the FBI now involved, it seems that the Loozfon scheme has reached North American shores. The government is also warning device owners about FinFisher (or FinSpy), a spyware tool capable of taking over the components of a mobile device.
"When installed, the mobile device can be remotely controlled and monitored no matter where the target is located. FinFisher can be easily transmitted to a smartphone when the user visits a specific web link or opens a text message masquerading as a system update," the report said.
FinFisher is actually surveillance software developed by U.K.-based Gamma Group and sold to law enforcement channels. It was discovered being used to actively target dissidents in countries with autocratic governments. It can be installed on a target device when the user accepts the installation of a fake update for commonly used software.
The FBI is now telling consumers to know the features of a smartphone when making a hardware purchase. They should also know the default settings, and turn off device features that are not needed to minimize the attack surface of the device. That said, does the FBI think some of this malware will come pre-installed right out of the box?
The FBI's list goes on to state the obvious: read the reviews on app markets, obtain malware protection, passcode-protect the device, review the permissions of apps before installation, and more.
lol...true very true statement indeed....I also love my iPhone
Well, I hope you're more than happy to torch your wallet than to be smart, go with Apple's loony map service, and risk having more features getting cut out.
what ads?
People haven't learned yet NOT to do this? You can't keep stupid safe from everything I guess...
I myself would hate to be the guy that had to write the 'warning' to people.
"Hey people are getting bad malware on androids"
"Hmm really? is it some bruteforce attack, or security hole being exploited?"
"No...they are clicking links that say 'Get rich now!' or 'Rich guys looking to marry you!'"
"......really? you're joking right..."
Exactly. Sorry Toms, but this is one site I don't have on my adblocker whitelist. Why? The ads are hardly relevant, and they're animated a majority of the time. Animated ads = nono
For mobile, I have a laptop.
For home, I have a PC.
For a phone, I have a rock that I can throw at people.
Funny to watch the iTrolls coming out the woodwork, though. The fact that Apple has increased their ad-based "surveillance" with the latest iOS iteration doesn't seem to bother them a bit.
Pot, meet kettle.
enables Governments to face the current challenges of
monitoring Mobile and Security-Aware Targets that
regularly change location, use encrypted and anonymous communication channels and reside in foreign
countries.
Traditional Lawful Interception solutions face new challenges
that can only be solved using active systems like FinSpy:
· Data not transmitted over any network
· Encrypted Communications
· Targets in foreign countries
FinSpy has been proven successful in operations around
the world for many years, and valuable intelligence has
been gathered about Target Individuals and Organizations.
When FinSpy is installed on a computer system it can be
remotely controlled and accessed as soon as it is connected to the internet/network, no matter where in the
world the Target System is based.
FinSpy was installed on several computer systems inside
Internet Cafes in critical areas in order to monitor them
for suspicious activity, especially Skype communication to
foreign individuals. Using the Webcam, pictures of the
Targets were taken while they were using the system.
Usage Example 2: Organized Crime
FinSpy was covertly deployed on the Target Systems
of several members of an Organized Crime Group. Using
the country tracing and remote microphone access, essential information could be gathered from every meeting
that was held by this group.
Wish granted. Enjoy your "golden" prison.