Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI Issues Android Virus Warning

Posted by samzenpus on from the protect-ya-neck dept.

Dupple writes "The IC3 has been made aware of various malware attacking Android operating systems for mobile devices. Some of the latest known versions of this type of malware are Loozfon and FinFisher. Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims. One version is a work-at-home opportunity that promises a profitable payday just for sending out email. A link within these advertisements leads to a website that is designed to push Loozfon on the user's device. The malicious application steals contact details from the user's address book and the infected device's phone number."

15 of 129 comments (clear)

  1. Fragmentation by Anonymous Coward · · Score: 5, Funny

    Clearly, Android isn't fragmented enough yet. The industry needs to work to further fragment the platform until this type of attack isn't viable.

  2. Should rename these Darwin Viruses by krelvin · · Score: 4, Insightful

    Places and things people should not be clicking on in the first place.

    1. Re:Should rename these Darwin Viruses by yog · · Score: 4, Insightful

      You still have to deal with typo squatters. If you type goole.com instead of google.com or some such you may end up at a phony website designed to phish you.

      Fortunately, it seems that the big players have grabbed most of the common typos like gogle.com, bankoamerica.com and so forth. But out of millions of sites, there's bound to be plenty of opportunities for a determined script kiddie.

      --
      it's = "it is"; its = possessive. E.g., it's flapping its wings.
    2. Re:Should rename these Darwin Viruses by Tastecicles · · Score: 5, Funny

      It's worse than that; the civic leaders of a market town in South Yorkshire have squatted goole.com.

      Oh, yeah, and they can't spell for shit.

      --
      Operation Guillotine is in effect.
  3. *sigh* Another worthless virus alert by Scutter · · Score: 5, Interesting

    No information about attack vectors (such as compromised apps), how to tell if you're infected, what to do if you think you're infected, etc. Par for the course.

    --

    "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
    1. Re:*sigh* Another worthless virus alert by Scutter · · Score: 4, Informative

      Did you even read the article? They talked a lot about attack vectors... They also went on to tell people how they can protect themselves.

      I'd assume downloading an antivirus for your phone or reformatting it would be the best option.

      They didn't talk about attack vectors AT ALL, except in the vaguest of terms. They talked about generalities that apply to any platform, not to this specific virus. It's the equivalent of saying "don't set your drink down in a crowded bar." Yes, it's good advice, but at the same time almost completely worthless to put into a press release.

      --

      "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
    2. Re:*sigh* Another worthless virus alert by euxneks · · Score: 4, Informative

      Essentially, it's FUD.

      --
      in girum imus nocte et consumimur igni
    3. Re:*sigh* Another worthless virus alert by SilentMobius · · Score: 4, Informative

      None, same way there are none for Android. including the malware included in the OP. If it doesn't propagate of it's own accord then it isn't a virus it's just a malicious app AKA malware.

      The OP mentions that "website that is designed to push Loozfon on the user's device" this is currently impossible unless there is an explain that is currently un-discussed and if there was such a thing it would be _very_ important, if (as I suspect) this is just another download-this/manually-install-the-app/accept-all-the-permissions/become-screwed idiot-trap then it is hardly news. And BTW there are plenty of these types of app for a jailbroken iPhone

      --
      Loop, twist and loop again.
  4. Only took... by Synerg1y · · Score: 4, Interesting

    10 years of smartphone generations for the government to realize there's the potential for viruses, spyware, and malware on these things as they are in all sense of the word a computer. I'm willing to bet google is now going to regulate the android market a little better, it still depends heavily on the user as to the risk posed to the device, just like with PCs.

    I've also got to respectfully disagree with the article on rooting your device, it opens up the potential to load some pretty nifty security tools that help keep you safe in the first place.

  5. Exactly! That's why Linux is virus-infested and.. by Smeagel · · Score: 4, Funny

    Windows is completely free of viruses. Oh wait.

  6. You can't fix stupid. by scottbomb · · Score: 4, Insightful

    Android is secure enough as it is. My HTC will check with me and double check before it installs any apk. As long as there are people who can be suckered into installing unknown software, we will always have viruses.

  7. Seriously by Dunbal · · Score: 4, Insightful

    This is not a virus.

    --
    Seven puppies were harmed during the making of this post.
    1. Re:Seriously by tooyoung · · Score: 4, Insightful

      Well, we've kind of dug ourselves into a hole here. For the past two years, we've been describing social engineering attacks against Apple as viruses. Sure, we knew that they weren't, but it helped to dent Apple armor on the "we don't get viruses" claim. When Apple supporters posted that these were trojans, etc, we trolled them and said they were merely arguing semantics. Now we've just got to sit through a little blow back.

  8. Wow, dangerous by funkylovemonkey · · Score: 5, Insightful

    So I have to click on a strange email and then follow an unknown link where I will be asked to download an .apk? Then I will have to go into settings and click on the option to allow me to install something that isn't in the Play Store, click through the warning that tells me that sideloading an app can lead to viruses and malware, and then install the .apk which then asks me if I'm cool with it accessing my contacts, internet and everything else? If you do all that, you're pretty determined to have problems. I imagine that those who know how to side load apps on their phone are smart enough to not randomly install apps from questionable sources. Or at least they should be smart enough to know that they have no one to blame but themselves if they fall for it.

  9. Re:Which Android? by hawguy · · Score: 4, Informative

    Even if they don't, let's be honest, the people spending money on Android "superphones" are exactly the people who're rooting, installing ROMS and sideloading. The rest, the much vaunted millions activations per are the people having slow Gingerbread shitboxes rammed down their neck by the retailers and networks that might have a passing interest in something that's "just like an iPhone" but that interest dies as soon as they try to use it and it's slow, jerky and has shit battery life. This is precisely why the web impression figures are so dramatically different between iOS and Android.

    The Galaxy S III sold around 20 million units worldwide, I'm having a hard time believing that all of those users are rooting their devices. I have a Galaxy Nexus that isn't rooted (nor have I sideloaded any apps).

    Android phones are definitely good for someone that wants to tinker and root and sideload, but they are also solid smartphones out of the box.

    I support around 250 devices - split relatively evenly between Blackberry, Android and iPhone. These users are mostly non-technical, and all seem fairly satisfied with their phones, including the Blackberry users (battery life and tight Exchange Integration are the big reasons the BB users are happy with their phones).

    Starting with Gingerbread the Android platform stopped causing support headaches (mostly in Exchange syncing), ICS and Jellybean seem to put Android on par with IOS for the most part.