FBI Issues Android Virus Warning

← Back to Stories (view on slashdot.org)

FBI Issues Android Virus Warning

Posted by samzenpus on Monday October 15, 2012 @10:15AM from the protect-ya-neck dept.

Dupple writes "The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out email. A link within these advertisements leads to a website that is designed to push Loozfon on the user's device. The malicious application steals contact details from the user's address book and the infected device's phone number."

29 of 129 comments (clear)

Fragmentation by Anonymous Coward · 2012-10-15 10:18 · Score: 5, Funny

Clearly, Android isn't fragmented enough yet. The industry needs to work to further fragment the platform until this type of attack isn't viable.
1. Re:Fragmentation by DJRumpy · 2012-10-15 11:37 · Score: 2
  
  I was just surprised to read that Android was a Virus...
Should rename these Darwin Viruses by krelvin · 2012-10-15 10:18 · Score: 4, Insightful

Places and things people should not be clicking on in the first place.
1. Re:Should rename these Darwin Viruses by yog · 2012-10-15 10:42 · Score: 4, Insightful
  
  You still have to deal with typo squatters. If you type goole.com instead of google.com or some such you may end up at a phony website designed to phish you.
  Fortunately, it seems that the big players have grabbed most of the common typos like gogle.com, bankoamerica.com and so forth. But out of millions of sites, there's bound to be plenty of opportunities for a determined script kiddie.
  
  --
  it's = "it is"; its = possessive. E.g., it's flapping its wings.
2. Re:Should rename these Darwin Viruses by Tastecicles · 2012-10-15 12:14 · Score: 5, Funny
  
  It's worse than that; the civic leaders of a market town in South Yorkshire have squatted goole.com.
  Oh, yeah, and they can't spell for shit.
  
  --
  Operation Guillotine is in effect.
3. Re:Should rename these Darwin Viruses by tsa · 2012-10-15 20:06 · Score: 2
  
  LOL, they have a search field on their site which uses Ask.com :).
  
  --
  -- Cheers!
*sigh* Another worthless virus alert by Scutter · 2012-10-15 10:19 · Score: 5, Interesting

No information about attack vectors (such as compromised apps), how to tell if you're infected, what to do if you think you're infected, etc. Par for the course.

--

"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
1. Re:*sigh* Another worthless virus alert by Scutter · 2012-10-15 11:02 · Score: 4, Informative
  
  Did you even read the article? They talked a lot about attack vectors... They also went on to tell people how they can protect themselves.
  I'd assume downloading an antivirus for your phone or reformatting it would be the best option.
  They didn't talk about attack vectors AT ALL, except in the vaguest of terms. They talked about generalities that apply to any platform, not to this specific virus. It's the equivalent of saying "don't set your drink down in a crowded bar." Yes, it's good advice, but at the same time almost completely worthless to put into a press release.
  
  --
  
  "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
2. Re:*sigh* Another worthless virus alert by euxneks · 2012-10-15 11:58 · Score: 4, Informative
  
  Essentially, it's FUD.
  
  --
  in girum imus nocte et consumimur igni
3. Re:*sigh* Another worthless virus alert by SilentMobius · 2012-10-15 23:25 · Score: 4, Informative
  
  None, same way there are none for Android. including the malware included in the OP. If it doesn't propagate of it's own accord then it isn't a virus it's just a malicious app AKA malware.
  The OP mentions that "website that is designed to push Loozfon on the user's device" this is currently impossible unless there is an explain that is currently un-discussed and if there was such a thing it would be _very_ important, if (as I suspect) this is just another download-this/manually-install-the-app/accept-all-the-permissions/become-screwed idiot-trap then it is hardly news. And BTW there are plenty of these types of app for a jailbroken iPhone
  
  --
  Loop, twist and loop again.
Only took... by Synerg1y · 2012-10-15 10:21 · Score: 4, Interesting

10 years of smartphone generations for the government to realize there's the potential for viruses, spyware, and malware on these things as they are in all sense of the word a computer. I'm willing to bet google is now going to regulate the android market a little better, it still depends heavily on the user as to the risk posed to the device, just like with PCs.
I've also got to respectfully disagree with the article on rooting your device, it opens up the potential to load some pretty nifty security tools that help keep you safe in the first place.
Re:Yet another excellent reason... by Threni · 2012-10-15 10:22 · Score: 2, Informative

http://www.slashgear.com/apple-quietly-turns-on-ios-6-iphone-advert-tracking-12251611/
Which Android? by hawguy · 2012-10-15 10:23 · Score: 2

Which version(s) of Android are vulnerable and which browsers? How does the attack work? Do I need to download and run a file? Just click on the file? Just visit the web page?
Is this even a real threat? It sounds like a vague alert that anti-virus companies send out to get you to buy their product.
1. Re:Which Android? by Vylen · 2012-10-15 10:28 · Score: 2
  
  A link within these advertisements leads to a website that is designed to push Loozfon on the user's device.
  
  FinFisher can be easily transmitted to a Smartphone when the user visits a specific web link or opens a text message masquerading as a system update.
  
  Based on that, it'd be simple websites telling people to download some installer/apk.
2. Re:Which Android? by hawguy · 2012-10-15 11:45 · Score: 4, Informative
  
  Even if they don't, let's be honest, the people spending money on Android "superphones" are exactly the people who're rooting, installing ROMS and sideloading. The rest, the much vaunted millions activations per are the people having slow Gingerbread shitboxes rammed down their neck by the retailers and networks that might have a passing interest in something that's "just like an iPhone" but that interest dies as soon as they try to use it and it's slow, jerky and has shit battery life. This is precisely why the web impression figures are so dramatically different between iOS and Android.
  The Galaxy S III sold around 20 million units worldwide, I'm having a hard time believing that all of those users are rooting their devices. I have a Galaxy Nexus that isn't rooted (nor have I sideloaded any apps).
  Android phones are definitely good for someone that wants to tinker and root and sideload, but they are also solid smartphones out of the box.
  I support around 250 devices - split relatively evenly between Blackberry, Android and iPhone. These users are mostly non-technical, and all seem fairly satisfied with their phones, including the Blackberry users (battery life and tight Exchange Integration are the big reasons the BB users are happy with their phones).
  Starting with Gingerbread the Android platform stopped causing support headaches (mostly in Exchange syncing), ICS and Jellybean seem to put Android on par with IOS for the most part.
Exactly! That's why Linux is virus-infested and.. by Smeagel · 2012-10-15 10:38 · Score: 4, Funny

Windows is completely free of viruses. Oh wait.
You can't fix stupid. by scottbomb · 2012-10-15 10:43 · Score: 4, Insightful

Android is secure enough as it is. My HTC will check with me and double check before it installs any apk. As long as there are people who can be suckered into installing unknown software, we will always have viruses.
1. Re:You can't fix stupid. by hawguy · 2012-10-15 11:36 · Score: 3, Insightful
  
  My HTC will check with me and double check before it installs any apk. As long as there are people who can be suckered into installing unknown software
  So, basically, you acknowledge you can't sideload safely? How's that walled garden suiting you?
  Just like with all software, you need to trust your source. If I don't like Google Market's policies, prices, or selection, I can move to Amazon's App store (or one of the other alternative app stores). Or I can download direct from the software maker.
  What alternative does an IOS have if he wants to install an app that's been rejected from Apple's store because of the content or features?
2. Re:You can't fix stupid. by hawguy · 2012-10-15 12:43 · Score: 2
  
  but your Android phone's not gonna burn the house down. Unless you've got a Sony battery in it and you're using it while charging.
  And your toaster isn't going to send your contacts and email to hacker groups. Each appliance has its own risks.
Seriously by Dunbal · 2012-10-15 11:08 · Score: 4, Insightful

This is not a virus.

--
Seven puppies were harmed during the making of this post.
1. Re:Seriously by tooyoung · 2012-10-15 14:35 · Score: 4, Insightful
  
  Well, we've kind of dug ourselves into a hole here. For the past two years, we've been describing social engineering attacks against Apple as viruses. Sure, we knew that they weren't, but it helped to dent Apple armor on the "we don't get viruses" claim. When Apple supporters posted that these were trojans, etc, we trolled them and said they were merely arguing semantics. Now we've just got to sit through a little blow back.
Re:Education by tepples · 2012-10-15 11:33 · Score: 3, Insightful

Smart platform vendors donate development platforms to colleges and universities around the world
But not to high schools. Or is there a good reason that kids shouldn't be programming before college? Or between graduating from college and getting a job in the field?
Wow, dangerous by funkylovemonkey · 2012-10-15 11:36 · Score: 5, Insightful

So I have to click on a strange email and then follow an unknown link where I will be asked to download an .apk? Then I will have to go into settings and click on the option to allow me to install something that isn't in the Play Store, click through the warning that tells me that sideloading an app can lead to viruses and malware, and then install the .apk which then asks me if I'm cool with it accessing my contacts, internet and everything else? If you do all that, you're pretty determined to have problems. I imagine that those who know how to side load apps on their phone are smart enough to not randomly install apps from questionable sources. Or at least they should be smart enough to know that they have no one to blame but themselves if they fall for it.
1. Re:Wow, dangerous by rampant+mac · 2012-10-15 13:02 · Score: 2
  
  You underestimate the power of human stupidity.
  See: Bonzai Buddy, every IE search toolbar every created, et al.
  
  --
  I like big butts and I cannot lie.
2. Re:Wow, dangerous by gmhowell · 2012-10-15 13:47 · Score: 2
  
  Look, the random email said I had to do that crap to see the dancing baby, so I did it. You have a problem with that?
  
  --
  Jesus was all right but his disciples were thick and ordinary. -John Lennon
Re:Yet another excellent reason... by ne0n · 2012-10-15 12:24 · Score: 3, Interesting

Maybe you're too young to remember it but Apple was logging everybody's GPS coordinates for quite a while there. It took a massive outcry before they reversed their policy on unwanted silent tracking without consent. They argued the logs weren't personal info back then.

--
$ :(){ :|:& };:
not just Android by chowdahhead · 2012-10-15 14:09 · Score: 2

It's a problem for mobile platforms in general.

FinFisher spyware made by U.K.-based Gamma Group can take control of a range of mobile devices, including Apple Inc. (AAPL)’s iPhone and Research in Motion Ltd. (RIM)’s BlackBerry, an analysis of presumed samples of the software shows...“When FinSpy Mobile is installed on a mobile phone it can be remotely controlled and monitored no matter where in the world the Target is located,” a FinSpy brochure published by WikiLeaks says. Systems that can be targeted include Microsoft Corp. (MSFT)’s Windows Mobile, the Apple iPhone’s iOS and BlackBerry and Google Inc. (GOOG)’s Android, according to the company’s literature. Today’s report says the malware can also infect phones running Symbian, an operating system made by Nokia Oyj (NOK1V), and that it appears the program targeting iOS will run on iPad tablets.
source
Re:Yet another excellent reason... by Killall+-9+Bash · 2012-10-15 17:26 · Score: 2

Really? With RIM letting repressive governments (but not ours of course) get access to SMS and email? Blackberry would be my LAST option.

--
"Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016
Re:Exactly! That's why Linux is virus-infested and by Killall+-9+Bash · 2012-10-15 17:31 · Score: 2

The problem with apple products is they just work.... until one day when they just don't.

And, when it stops working, you either have a VERY expensive repair to deal with, or a very frustrating time trying to google for helpful info.

--
"Prediction: within 10 years, Windows will be a Linux distribution." Me, 7-6-2016