Home Security News Android Smart Phones Become Brunt of 'Work at Home Virus' (Loozon/FinFisher Trojan) Attack

Android Smart Phones Become Brunt of 'Work at Home Virus' (Loozon/FinFisher Trojan) Attack

Posted: November 13, 2012

android phones attacked by work at home virusAs smart phones continue to grow in popularity and use, Android remains a target for malware makers, prompting the FBI to release a recent warning. Malware makers have crafted a strategy that serves up a fake and booby-trapped 'work at home' link promising easy money for sending out emails, when in fact it is the lure for the Loozon Trojan, a malicious program able to steal a victim's address book. Another aspect of this strategy involves FinFisher Trojan, a malicious program able to remotely control and monitor an infected device. Both strategies, however, are dependent on user or victim interaction, meaning one must click and accept the download of the malicious files and unknown Android applicable package (APK).

Smart phones run on an operating system and thus mirror computers in many ways, including potential of exploits and malicious attacks. Android users, at a minimum, should apply some of the same safety practices and guidelines religiously laid out for PC users:

  • Be slow to click on links until you can fully verify the source
  • Do not download any program absent authentication, i.e. an acceptable signature, and one you did not select or seek on your own.
  • Password protect your phone and use a password that is hard to crack
  • Enable encryption
  • Keep a stealth antivirus program in place that blocks connection to unknown wireless networks

The web is full of scams and traps that cheat users out of money or that deliver a nasty infection. One wrong step and it could be quite explosive, delivering vermin like Loozon and FinFisher on your PC or Android and threatening the security of data and system use. Malware makers collect and sell stolen data to help target unsuspecting PC users in their spam or scam campaigns. Such stolen vital data could contain name, addresses, phone numbers or even online accounts or banking credentials.

Unfortunately, cybercrime is a billion dollar industry and newcomers are signing up all the time, turning the field into a war zone and fight over territory, aka new victims. The introduction and growth of smart phones have opened up a new pool of victim in which cybercriminals are salivating over. Thanks to the learning curve in masterminding malware for PCs and the study of social engineering, kinks have been worked out and working strategies can be adapted to the mobile environment.

The only way to know if your system is corrupted is to run a scan using a trusted scanning tool and antimalware or antivirus program able to mitigate threats. If FinFisher, Loozon or other malware is found, you should not only aggressively remove but reset passwords and credentials to all your online accounts. Otherwise, a hacker could use your vital data to spoof your accounts and spam your family and friends, or access your bank account and rob you blind.

To put it bluntly, smart phones are only as smart as their owners.