Finfisher and Loozfon target Android users

Two pieces of malware were recently discovered to be aimed specifically at Android users.

As smartphones become a must-have for everyday life, more and more malware is being directed at cellphone users. Recently, two different malicious programs were discovered aimed specifically at Android users.

The Internet Crime Complaint Center has named Loozfon and Finfisher as the latest culprits in an increased number of malicious attacks on Android users, according to a Network World blog post. Here’s the breakdown on these two public enemies:

Wanted: Loozfon and Finfisher

Crimes: Loozfon is an information-stealing piece of malware. Finfisher is a piece of spyware that allows the device to be remotely controlled and monitored.

Tactics: Loozfon used an advertisement for a work-from-home opportunity that promised healthy payout for sending out emails. Utilizing a fraudulent link, Loozfon lured unsuspecting job seekers to a malware-ridden website.  Once installed, Loozfon stole the contact details from the users phone book.

Finfisher lured victims using the guise of an important system update. Once installed, it allowed attackers to remotely control and monitor user activity.

The Network World article also provided advice for how Android users could protect themselves from malware like Loozfon and Finfisher. The list included password protecting mobile devices and practicing caution when enabling geolocation features. It also warned against connecting to unknown wireless networks because these could be rogue, information-capturing access points.

The threat to mobile devices has even received the attention of the United States Government Accountability Office. A September GAO report noted that the number of malware variants has increased by 185 percent in the last year. Included was an example in which a botnet operator was using 10,000 to 30,000 infected devices to potentially generate millions of dollars of revenue.

The report made it clear that as millions of Americans rely on their smartphones and tablets for personal and professional use, criminals are exploiting device vulnerabilities and using a combination of methods to intercept and access sensitive information.

The increasing complexity and quantity of fraudulent, malware-carrying apps and links means that users should be careful when installing applications on mobile devices and personal computers.

Do you know anyone who has download Loozfon or Finfisher? Have you ever received a text message that contained a link from a number you didn’t recognize?

Matt Williams

A self-proclaimed ‘tech geek’, Matt has worked in technology for a decade and divides his time between blogging and working in IT. A huge New York Giants fan, when not watching football Matt gets his game on playing Call of Duty with his friends and other tech bloggers.