The FBI's Internet Crime Complaint Center (IC3) issued a warning to Android smartphone owners on Friday that points to two specific pieces of malware: Loozfon and FinFisher. The center also provides a list of safety tips that will help protect smartphones from hackers.
In the public warning, the FBI said that criminals are using different versions of Loozfon. One scheme is a work-at-home opportunity that promises big money by just sending out email. Another scheme involves links to a subscription-based dating service that supposedly helps women meet rich men.
In both scenarios, when the user clicks on the link to find out more, they're directed to a website that pushes the Loozfon malware app onto the device. If installed, it then steals contact details from the address book and the user's phone number.
During the summer, Symantec said this particular malware targets female Android users in Japan. "If this trick does not work, the criminal group has another trick up its sleeve. It also sends spam that states that the sender of the email can introduce the recipient to wealthy men. When the link included in the body of the email is clicked, the malware is automatically downloaded onto the device," the firm said.
Symantec said the criminals are likely harvesting email addresses and phone numbers to send spam to the user's contacts in hopes of luring them to the fake sites, and/or to sell the data to another group of spammers.
But with the FBI now involved, it seems that the Loozfon scheme has reached North American shores. The government is also warning device owners about FinFisher (or FinSpy), a spyware tool capable of taking over the components of a mobile device.
"When installed, the mobile device can be remotely controlled and monitored no matter where the target is located. FinFisher can be easily transmitted to a smartphone when the user visits a specific web link or opens a text message masquerading as a system update," the report said.
FinFisher is actually surveillance software developed by U.K.-based Gamma Group and sold to law enforcement channels. It was discovered being used to actively target dissidents in countries with autocratic governments. It can be installed on a target device when the user accepts the installation of a fake update for commonly used software.
The FBI is now telling consumers to know the features of a smartphone when making a hardware purchase. They should also know the default settings, and turn off device features that are not needed to minimize the attack surface of the device. That said, does the FBI think some of this malware will come pre-installed right out of the box?
The FBI's list goes on to state the obvious: read the reviews on app markets, obtain malware protection, passcode-protect the device, review the permissions of apps before installation, and more.