Youtube link for mobile viewing

The Sophos security website has reported a new bit of Android malware, and this time it's being spread on Facebook. If you watch the video above, you'll see how an unknown person on Facebook send you a link, which you dutifully click (because we all click random Facebook links from people we don't know, right?) and it downloads a malware ridden apk file to your phone. It's a trick folks have to use now that Google has a Bouncer at large in the Market.

Unfortunately, the video stops there and leads the viewer to believe that it's another cause for panic and that we need to be up in arms over this. The reality is far different, and this is a classic case of sensationalism. What happens after the part where the video ends is really the important bit.

After the file downloads, you'll have to choose to install it. This also depends on you having disabled the security feature that prevents third party apps from being installed, and failing to read the permission warning that pops up when you verify that you want to install this random file. Of course, across the Internet you'll probably not hear this part, because Android and malware in the same title generates hits. We've seen it before. 

So how do you stay safe? It's easy:

  • Don't interact with random people on Facebook
  • Don't click random URLs from random people
  • Don't install random apps that you didn't download

With Android, you get the freedom to install apps from anywhere, not just an official store where the folks that make the OS get 30 percent. You also get notified of what every app can do, and are forced to accept those terms. With that in mind, use just a little bit of common sense and you'll be fine.

Source: Sophos