The US Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has issued an alert to warn the owners of Android smartphones to beware of pieces of malware designed to target their devices.
Two particular malicious elements are named: Loozfon
the agency, Loozfon is a piece of malware designed to steal information. It’s spread out in various ways, but in most cases it hides behind an advertisement for a fake work-from-home job.
The links in the advertisement email point victims to a website that’s cleverly set up to push Loozfon onto Android phones. Once it finds itself on a device, the threat steals the phone owner’s number and the details of address book contacts.
FinFisher, on the other hand, is even more dangerous. The controversial spyware is able to take complete control of a smartphone, allowing its masterminds to remotely control the device regardless of the victim’s location.
The agency warns that FinFisher is distributed via malicious websites, usually being masqueraded as a system update.
In order to protect themselves against such threats, Android users are advised to ensure that the features and functions that are not utilized are switched off to minimize the attack surface.
Encryption and other security applications are highly recommended since they can not only protect the smartphone against attacks, but they can also safeguard the information stored on it in case it gets lost or stolen.
Jailbreaking or rooting the device is not recommended because these procedures tend to remove certain restrictions set by the manufacturer, thus allowing cybercriminals to take it over more easily.
Smartphone owners must also be cautious when connecting to unsecured Wi-Fi connections, or when using applications that enable geo-location.
Finally, before selling a device, owners are advised to ensure that all the sensitive information stored on it is properly wiped.
The IC3 highlights the fact that smartphone users should take the same precautions as they would on their computer when utilizing the Internet.