WASHINGTON: The Internet Crime Complaint Center has issued an Intelligence Note warning of two new types of malwares attacking the Android operating system for mobile devices. The first, Loozfon, collects user information through a link within an email advertisements for a work-at-home opportunity. Loozfon steals the user’s address book and the device’s phone number.
The second, FinFisher, is spyware that can take over certain functions of the infected Android device, allowing the attacker to remotely control and monitor the user's device no matter where they are located. FinFisher can be transmitted to a smartphone when users visit specific websites or open texts masquerading as system updates.
IC3, the Internet Crimes division of the Federal Bureau of Investigation and the National White Collar Crime Center, provided several tips to avoid malware infections:
- Know the device features of the device, including the default settings. Turn off unnecessary features.
- Enable encryption.
- Look at the reviews of the developer/company that published the application.
- Review and understand the permissions you are giving when you download applications.
- Passcode protect your mobile device.
- Obtain malware protection.
- Be aware of applications that enable geo-location. This application can be used for marketing, but can be used by malicious actors raising concerns of assisting a possible stalker and/or burglaries.
- Jailbreak or rooting can increase the attack surface of the device. Anytime a user, application or service runs in “unrestricted” or “system” level within an operation system, it allows any compromise to take full control of the device.
- Do not allow your device to connect to unknown wireless networks.
- If you decide to sell your device or trade it in, make sure you wipe it.
- Smartphones require updates to run applications and firmware.
- Avoid clicking on or otherwise downloading software or links from unknown sources.
- Use the same precautions on your mobile phone as you would on your computer when using the Internet.
IC3 says if you have been a victim of an internet scam or have received an e-mail that you believe was an attempted scam, to file a complaint at www.IC3.gov.