New smartphone malware, says FBI, could find devices’ owners

Smartphones and their owners are the targets of new malware that can steal information and take over parts of the devices’ operating system and possibly monitor its owners’ whereabouts, the FBI’s Internet crime center warned.

The FBI’s Internet Crime Complaint Center (IC3) on Oct. 12 said the new malware, called “Loozfon” and “FinFisher” are the latest efforts by criminals to plague mobile devices.

A post on the IC3”s “New E-scams and warnings” page called Loozfon an information-stealing piece of malware, with criminals using different variants to lure victims. One version, it said, is a work-at-home opportunity promising a profitable payday just for sending out e-mail. A link within the advertisements, it said, leads to a Web site designed to push Loozfon on the user’s device. The malicious application steals contact details from the user’s address book and the infected device’s phone number, it said.

FinFisher, it said, is spyware that can take over the components of a mobile device. When the malware is installed, the mobile device can be remotely controlled and monitored no matter where the device is located. It added that FinFisher can be easily transmitted to a smartphone when the user visits a specific web link or opens a text message masquerading as a system update.

The IC3 advised that users know their device’s features when they buy it and to turn it off when it’s not being used. It also advised owners to use encryption functions on their devices, when available, and to use passcodes and screenlocks. It also advised to “be aware” of geo-location capabilities that can track the user’s location. It said while the application can be used for legitimate marketing purposes,  it can also be harnessed by “malicious actors, malicious actors, raising concerns of assisting a possible stalker and/or burglaries.”