Youtube link for mobile viewing

The Sophos security website has reported a new bit of Android malware, and this time it's being spread on Facebook. If you watch the video above, you'll see how an unknown person on Facebook sends you a link, which you dutifully click (because we all click random Facebook links from people we don't know, right?) and it downloads a malware-ridden APK file to your phone. It's a trick folks have to use now that Google has a Bouncer at large in the Market.

Unfortunately, the video stops there and leads the viewer to believe that it's another cause for panic and that we need to be up in arms over this. The reality is far different, and this is a classic case of sensationalism. What happens after the part where the video ends is really the important bit.

After the file downloads, you'll have to choose to install it. This also depends on you having disabled the security feature that prevents third-party apps from being installed, and failing to read the permission warning that pops up when you verify that you want to install this random file. Of course, across the Internet you'll probably not hear this part, because Android and malware in the same title generates hits. We've seen it before.

So how do you stay safe? It's easy:

  • Don't interact with random people on Facebook
  • Don't click random URLs from random people
  • Don't install random apps that you didn't download

With Android, you get the freedom to install apps from anywhere, not just an official store where the folks that make the OS get 30 percent. You also get notified of what every app can do, and are forced to accept those terms. With that in mind, use just a little bit of common sense and you'll be fine.
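The permission screen mentioned above is where a downloaded APK gives itself away. As an added example (not from the original post or from Sophos), this Python script takes the text printed by `aapt dump permissions` for an APK and flags the requested permissions that deserve a second look before you tap Install; the sample output, the package name and the high-risk shortlist are constructed for illustration.

```python
import re

# Shortlist of permissions worth questioning in a "random" app.
# Assumption: chosen for this example, not a list taken from the article.
HIGH_RISK = {
    "android.permission.SEND_SMS": "can send premium-rate text messages",
    "android.permission.CALL_PHONE": "can place calls without the dialer",
    "android.permission.READ_SMS": "can read texts, including bank codes",
    "android.permission.RECEIVE_SMS": "can intercept incoming texts",
    "android.permission.READ_CONTACTS": "can copy the address book",
    "android.permission.INSTALL_PACKAGES": "can install further apps",
}

# aapt prints permissions in one of two styles depending on its version:
#   uses-permission: android.permission.X
#   uses-permission: name='android.permission.X'
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")


def requested_permissions(aapt_output):
    """Return the permissions an APK requests, in order, without duplicates."""
    perms = []
    for line in aapt_output.splitlines():
        match = PERM_RE.match(line.strip())
        if match and match.group(1) not in perms:
            perms.append(match.group(1))
    return perms


def review(aapt_output):
    """Return (permission, reason) pairs for every high-risk permission requested."""
    return [(p, HIGH_RISK[p]) for p in requested_permissions(aapt_output)
            if p in HIGH_RISK]


# Constructed sample of `aapt dump permissions some.apk` output (both styles mixed).
SAMPLE = """\
package: com.example.freegame
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: android.permission.READ_CONTACTS
uses-permission: name='android.permission.SEND_SMS'
"""

if __name__ == "__main__":
    for perm, why in review(SAMPLE):
        print(f"REVIEW {perm}: {why}")
```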

Source: Sophos

 

Reader comments

Facebook users spreading Android malware, here's how to stay safe

18 Comments

This has nothing to do with Facebook.. If Facebook went away, they'd start infecting Google+ with this crap. And if Google+ went away and Myspace became cool again (HA!), they'd start infecting it with this crap. Some people just have nothing better to do than to spew garbage upon the Internet.

Who actually gets infected with this malware? It's unfortunate that Jerry's three points about staying safe even need to be stated. Even if I didn't read about this I would have no trouble realizing it was a scam and steering clear of it.

The original story on Sophos said:
"As the following video demonstrates, a link on the user's Facebook profile redirected my browser to a webpage that installed malware directly onto my Android mobile phone - without any warning or request for authorisation."

So once again all the high-hype Anti Malware software you can buy for your Android phone is a total Failure?

Sophos only makes anti-malware product for Windows Mobile, so huge grain of salt needed here. (Anti-malware vendor screaming Malware? Say it ain't so!).

And he was wrong. It just downloads the apk, because the URL shortener link was directly to the file. You still have to install it, I checked.

You use Android, you know that scenario is impossible. But it got Sophos linked to everywhere today, and prolly made them a quick few bucks in hits. All I can do is try to tell the whole story, and hope people read and think.

I learned a loooooooooooong time ago when I first started using Facebook to NEVER Click a link from someone you don't know & even some you do.. I got a horrible virus from my brother, who got the virus from someone he knows & so on.. If it doesn't look right I either ask or leave it alone


This video is so stupid. The guy talks like everything was done so automatically that he didn't even have the chance to defend himself against the malware.
Come on. He received a friend request from someone and the link was not sent to him, it was on the person's profile page AND HE CLICKED ON IT. And Jerry already explained why the rest is not done automatically also. I mean, REALLY?

How stupid do you have to be to actually get this malware on your phone?! So first you have to talk to random people on facebook, then click on a link that some stranger on facebook sent you, then realize that it's a link to an "app", then actually install that "app" while completely ignoring the permissions... Seriously, it's hard to have sympathy for somebody who is that technologically-challenged!

"...a link on the user's Facebook profile redirected my browser to a webpage that installed malware directly onto my Android mobile phone - without any warning or request for authorisation."

I guess you have to be as stupid as Vanja Svajcer at Sophos, who apparently doesn't know the difference between downloaded and installed. Most Android users are smarter than that.

I didn't watch the video at first, just read the post. But after watching it, I have to say, you do have to be a dumb-ass to click a shortened link on some stranger's profile in the first place.

It's funny how the video stops at "eet vas malware" and doesn't go any further...like actually installing the app, going over the permissions, and explaining what that malware actually does.

Like I needed a reason to stay off Facebook. It's the devil. After hearing Mark make fun of Facebook users for trusting him with their personal info. Don't need a fb profile and never will. Anywho, just shows how sites will edit a video to make Android look bad instead of stupid users. I'm sure the desktop versions are more at risk.