Jump to content
1337

FBI Warning : New Malware attacking Android smartphones

Recommended Posts

Users should be aware that Cyber criminals are finding new ways to install malicious software on devices. The latest threat to Android phone users, according to the FBI, is a “work-at-home opportunity that promises a profitable payday just for sending out email.” -

The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher.

Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out email. A link within these advertisements leads to a website that is designed to push Loozfon on the user’s device. The malicious application steals contact details from the user’s address book and the infected device’s phone number.

FinFisher is a spyware capable of taking over the components of a mobile device. When installed the mobile device can be remotely controlled and monitored no matter where the Target is located. FinFisher can be easily transmitted to a Smartphone when the user visits a specific web link or opens a text message masquerading as a system update.

Last week, security experts at McAfee announced that more than 60% of Android malware uses fake premium SMS messages. In their post on this subject, McAfee said, “Malware authors appear to make lots of money with this type of fraud, so they are determined to continue improving their infrastructure, code, and techniques to try to avoid antivirus software. It’s an ongoing struggle, but we are constantly working to keep up with their advances.”

Safety tips from FBI to protect your mobile device:

When purchasing a Smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.

Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user’s personal data in the case of loss or theft.

With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application.

Review and understand the permissions you are giving when you download applications.

Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity.

Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware.

Be aware of applications that enable Geo-location. The application will track the user’s location anywhere. This application can be used for marketing, but can be used by malicious actors raising concerns of assisting a possible stalker and/or burglaries.

Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device. Anytime a user, application or service runs in “unrestricted” or “system” level within an operation system, it allows any compromise to take full control of the device.

Do not allow your device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and a legitimate server.

If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.

Smartphones require updates to run applications and firmware. If users neglect this it increases the risk of having their device hacked or compromised.

Avoid clicking on or otherwise downloading software or links from unknown sources.

Use the same precautions on your mobile phone as you would on your computer when using the Internet.

Sursa: FBI Warning : New Malware attacking Android smartphones | THN Security and Hacking News

Link to comment
Share on other sites

:))))

Si la ce va asteptati?Sa fie unul dintre cele mai sigure mobile-OS'uri?Pana si Blackberry, Symbian si Windows Phone sunt mult peste Android(nu mai vorbim de iOS).

Cat timp e open-source mereu se vor putea gasi vuln. , pot sa lucreze si 1000x67563 de oameni pentru imbunatatirea securitatii, tot se gasesc o gramada de plictisiti "black-hats".

Si asta se stia de mult timp acest lucru, inca de la primele versiuni de Android, McAfee stiu ca raportase sondaju facut pentru toate platformele.

Acum o sa creada ca daca vedem noi ca "Tocmai FBI'u " a spus asa ceva, o sa ne schimbam/o sa avem mai multa grija de smartphone-urile noastre.

Link to comment
Share on other sites

Da, nu spun lucruri doar de dragu de a scrie , uita-te in rapoartele McAfee si o sa vezi ca Android e sub toate celelalte sisteme de operare pentru tel. mobile.

Nu am scris ca unele OS'uri (Symbian, Meebo) nu sunt pe moarte, ci doar ca pana si ele sunt mai sigure decat Android'ul.

Aduti argumente in legatura ca ele sunt mai sigure si continuam discutia, dar nu schimba subiectu` gen "vechimea" dar si utilizarea in randul consumatorilor, "plz"

EDIT: Hai ca-ti aduc si un link oficial al celor de la McAfee sa nu-mi mai bat gura atat degeaba. http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q2-2012.pdf

Edited by seboo00111
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...