Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

FBI issues warning to smartphone users regarding Android malware

The FBI's Internet Crime Complaint Center has issued a warning alerting users about malware that targets the Android mobile operating system.

The intelligence note from the IC3 was issued last week, and highlighted on Monday by Apple 2.0. It noted there are various forms of malware out in the wild that attack Android devices.

Two forms of malware cited byt he IC3 are Loozfon, which steals information from users, and FinFisher, which can give nefarious hackers control over a user's device.


Image via Android Police.

Loozfon can lure in victims by promising users a work-at-home opportunity in exchange for sending out an e-mail. Visiting a link in the e-mail will push Loozfon to the user's device, allowing the malware to steal contact details from the device's address book.

The FinFisher spyware highlighted by the IC3 allows for a mobile device to be remotely controlled and monitored from anywhere. FinFisher is installed by simply visiting a Web link or opening a text message that disguises itself as a system update.

IN addition to highlighting Loozfon and FinFisher, the IC3 intelligence note also offers users a number of safety tips to help protect their mobile device. They are:

  • When purchasing a Smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.
  • Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user's personal data in the case of loss or theft.
  • With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application.
  • Review and understand the permissions you are giving when you download applications.
  • Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity.
  • Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware.
  • Be aware of applications that enable Geo-location. The application will track the user's location anywhere. This application can be used for marketing, but can be used by malicious actors raising concerns of assisting a possible stalker and/or burglaries.
  • Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device. Anytime a user, application or service runs in "unrestricted" or "system" level within an operation system, it allows any compromise to take full control of the device.
  • Do not allow your device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and a legitimate server.
  • If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
  • Smartphones require updates to run applications and firmware. If users neglect this it increases the risk of having their device hacked or compromised.
  • Avoid clicking on or otherwise downloading software or links from unknown sources.
  • Use the same precautions on your mobile phone as you would on your computer when using the Internet.

The presence of malware on Android has been known for some time, while Apple's tightly controlled iOS platform is far less susceptible to malware. This summer, one piece of malware did manage to slip through the cracks and was temporarily available for download on Apple's iOS App Store.



104 Comments

adonissmu 14 Years · 1758 comments

Just when I was about to get an Android phone. I think i'll just get the 5 instead.

jivanile 12 Years · 76 comments

Who cares if someone can steal my information so easy, it has sd card expansion slots, removable batteries, widgets, and you can swipe your palm to take a screenshot. Malware Shmalware.

sflocal 16 Years · 6138 comments

Bahahaha! This comes to absolutely ZERO surprise. What's going to be even more pathetic are the whiny fandroids and iHaters that will spin this story in every way to label it as a paid Apple article. When my friends and associates ask me for advice on their first smartphone, I say the same thing that I've been saying since the iPhone first came out. If you care about safety and security, Apple is the way to go. If you want uncertainty and headaches, Android's your poison. But..but... Android is "open"!!! Yeah.. it's open all right!! Open for everyone to see!! I'll take my walled garden any day!

shompa 20 Years · 341 comments

This is PC all over again. Today 70% of PCs have malware and/or Virus. And Google uses Linux/Unix. The most secure OS there is. This is solved in ten minutes by Google, if they wanted it. They need to certify that the program is malware free to have it on their app store. The problem is that Google can't do that since they would be open for law suites. Google would be responsible to remove all pirate apps, including emulators/roms and all that fun stuff. And one of the main selling point of Android for younger users are the free apps. There are pirate app stores on the net. Everything free for Android. And Google approves it. They only want to sell advertising and data mine. Googles culture is the "new economies". Everything is free. Google have the worlds largest torrent linking service with their search engine. They have the worlds largest collection of pirated movies and videos on youtube. And over 90% of the apps installed on their phones are pirated. (and Android is pirated) And its the medias job to inform the public about malware on Android and how Google earns money. They have done a real poor job of that so far. The big question: what is google hiding? In my country we have a legal right to know everything a company stores on their computers about a customer. I did a legal request a month ago. Google is the only company that refuses give me the data. I hope I win in court.