Virus Alert: Malware Targeting Smartphone Users
Aaron here, with the AllClear Investigation team. The Internet Crime Complaint Center (IC3) was recently made aware of malware attacking smartphones that use the Android operating system. The newest versions of this malware are called Loozfon and FinFisher.
Loozfon is an information-stealing type of malware. With this one, criminals use different tactics to try and snare their victims. One of the tactics they use is the well-known ‘work from home’ opportunity enticing the victim with a profitable payday just for sitting at home and sending out emails. When the victim clicks on the link with these work at home advertisements it leads to a website that is designed to place the Loozfon on the victim’s mobile device. The application takes all contact information from the victim’s address book as well as the infected mobile device’s phone number.
FinFisher is a type of spyware that can take over components of a Smartphone device. When this type of spyware is installed in a mobile device, it gives remote access and can be monitored no matter where the target is located. The spyware FinFisher can be effortlessly loaded onto a Smartphone when a person visits a specific link or views a text message disguised as a system update.
These two types of malware – Loozfon and FinFhisher – are just examples used by criminals to entice people into compromising their devices.
Tips to Protect Your Smartphone from Malware, and Identity Theft:
- When in the process of looking for a new Smartphone, get to know the features on the device. Make sure to eliminate any feature that is not needed to minimize opportunities to be attacked.
- Always make sure that the device you are purchasing has encryption available. Encryption provides protection of personal data in case the Smartphone is lost or stolen.
- When downloading an application to your Smartphone always check the reviews of the developer who published the application.
- Make sure to always password-protect your Smartphone device. Along with the password, always enable the screen lock option which also has a timer that can be set after a certain amount of time of inactivity.
- When downloading an application make sure to review and understand the permissions associated.
- Make sure to get malware protection for your Smartphone. Always look for applications that provide advanced protection, specialized in antivirus or file integrity. This will help protect against rogue applications and malware.
- Stay away from applications that use Geo-location. These types of applications can track the Smartphone’s location anywhere. Most of the time these types of applications can be used for marketing purposes, but can also be used by criminals to stalk and also burglarize.
- Never connect to an unknown wireless network. Networks like this could be rogue access points that steal information that runs between your device and a legitimate server.
- Your Smartphone is more of a risk if you do not run the updates for the applications and firmware. If this is not done on a regular basis you increase the chance of having the Smartphone hacked or compromised.
- Never click on or download applications from an unknown source.
- Use the same precautions you would use on your personal computer when using the internet on your Smartphone.
From IC3: “If you have been a victim of an internet scam or have received an e-mail that you believe was an attempted scam, please file a complaint at www.IC3.gov.”