The FBI's Internet Crime Complaint Center has recently issued a warning about Android malware, citing two new malicious applications and how they can cause all sorts of havoc to the unsuspecting user. From the IC3 page:
Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out e-mail. A link within these advertisements leads to a website that is designed to push Loozfon on the user's device. The malicious application steals contact details from the user’s address book and the infected device's phone number.
FinFisher is a spyware capable of taking over the components of a mobile device. When installed the mobile device can be remotely controlled and monitored no matter where the Target is located. FinFisher can be easily transmitted to a Smartphone when the user visits a specific web link or opens a text message masquerading as a system update.
Loozfon and FinFisher are just two examples of malware used by criminals to lure users into compromising their devices.
While we applaud the intent of the message -- keeping users safe -- the mechanics and facts are sorely lacking. Both the examples involve user "phishing," or tricking someone into clicking something. These aren't just flying around in space looking for your phone. And there's a big difference there.
Case in point -- one of the popular methods of propagation for the Loozfon malware that wasn't mentioned involves a promise of meeting wealthy Japanese men. Presumably, you can meet these men by clicking a link in an unsolicited message or from a web page. Protip -- you won't. Don't click them. The FinFisher malware gets even more tricky, as they mention the user is promised a system update if they click a link. In realty the user gets a variant of a corporate trojan written by professionals with ties to law enforcement.
The FBI also gives a lengthy list of precautions to take to keep your phone safe, and we have to agree with them. Common sense items like not clicking unknown links and password protecting your phone are a must. Yet they forgot the most important one:
Applications can not install themselves after they have been downloaded.
Even if you've clicked and downloaded one of these malicious apps, you still have to ask to install it, agree to the permissions you're given, then OK the entire process. Until that happens, it's just a file that can do no harm. There's two real pieces of advice we can give here -- read what you're installing, and pay attention to what you click.
Google's giving up too much ground in the smart home fight
We're in the thick of our fall launches, but after the tidal wave of new products from Amazon last week, Google's Launch Night In looks like it'll barely make a splash. That's not good, because Alexa and Ring are rapidly gaining on Assistant and Nest.
Luna is both a safe bet and Amazon's best idea in years
Is "rolling your own" Netflix-style game library what we really want? Amazon thinks so.
Google's parent company settles shareholder lawsuit over sexual misconduct
Following sexual misconduct reports from 2018, Google has settled a shareholder lawsuit and announced major changes to how the company operates in these regards — including no severance packages for employees fired over sexual misconduct.
These are the best rugged Android phones
Living the rough and tumble life? Get yourself a smartphone that can handle everything you throw at it — or throw your phone at.