The FBI issued a warning recently for Android users about the dangers of malware, specifically two applications: Loozfon and FinFinisher.
Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out e-mail. A link within these advertisements leads to a website that is designed to push Loozfon on the user’s device. The malicious application steals contact details from the user’s address book and the infected device’s phone number.
FinFisher is a spyware capable of taking over the components of a mobile device. When installed the mobile device can be remotely controlled and monitored no matter where the Target is located. FinFisher can be easily transmitted to a Smartphone when the user visits a specific web link or opens a text message masquerading as a system update.
Loozfon and FinFisher are just two examples of malware used by criminals to lure users into compromising their devices.
Android Central, in response to the FBI Internet Crime Complaint Center’s statement, pointed out that the FBI may be missing a key component here in the whole infection process. Just because a user downloads a malicious app doesn’t mean that the app can automatically install itself. Even if users fall for the phishing schemes and click on links disguised as system updates or the like, phones still have another step before they can be truly infected. Just downloading a file can still remain a harmless process.
Now, the real question is whether enough users will think that process through. Some users may have their apps set to auto-download, so they could perceive the downloaded file as an update of an app they already have. No, it’s not really rational, but preoccupied users may take the time to think it through.
The best solution is to avoid downloading the malicious apps in the first place if possible. Following the FBI’s recommendations of avoiding unknown links and locking your phone when you’re not using it are a great place to start. Just be sure to pay attention!