The FBI's IC3 department warns of Android viruses. It's published a list of anti-malware advice for smartphone and tablet users. It's calling out two nasties called 'Loozfon' and 'FinFisher' for special attention. But it turns out that they're 'just' Trojans.
Mark Rockwell reports well:
The FBI’s Internet Crime Complaint Center (IC3)...said the new malware...are the latest efforts by criminals to plague mobile devices.
[It] called Loozfon an information-stealing piece of malware. ... The malicious application steals...the user’s address book and the infected device’s phone number.
FinFisher, it said, is spyware that can take over...the mobile device [which] can be remotely controlled and monitored. MORE
The anonymous feds at the FBI's IC3 shake the tree:
Criminals use different variants [of Loozfon] to lure the victims [such as] a work-at-home opportunity that promises a profitable payday just for sending out e-mail.
FinFisher can be easily transmitted to a smartphone when the user visits a specific web link or opens a text message masquerading as a system update. MORE
And Dara Kerr has background a-plenty:
Security reports over the last year have shown that mobile malware is on the rise. ... McAfee [says it] is multiplying at a faster pace now than any other time in the last four years.
Google is aware of this and new features on...Jelly Bean 4.1 aim to beef up the system's security. ... Despite this, mobile users are still concerned about malware leeching their...information. According to a recent Pew survey, over half of U.S. mobile users are paranoid. MORE
Predictably, Slash Lane sounds a tiny note of gloat:
The presence of malware on Android has been known for some time, while Apple's...iOS platform is far less susceptible. ...one piece of malware did manage to slip through the cracks and was temporarily available for download. MORE
But Scutter finds the FBI's warning woefully short on specifics:
They didn't talk about attack vectors...except in the vaguest of terms. [Just] generalities that apply to any platform.
It's the equivalent of saying "don't set your drink down in a crowded bar." Yes, it's good advice, but...worthless. MORE
Scott A. Moore agrees:
Android is secure enough. ... My HTC will check with me and double check before it installs any apk. MORE
And funkylovemonkey flings dung:
So I have to click on a strange email and then follow an unknown link where I will be asked to download an .apk? Then...click on the option to allow me to install something that isn't in the Play Store, click through the warning [about] malware, and then install the .apk which then asks me if I'm cool with it accessing my contacts?
If you do all that, you're pretty determined to have problems...[and] should be smart enough to know that [you] have no one to blame but [you]. MORE
However, Christopher Eaves thinks they've missed the point:
You underestimate the power of human stupidity. See: Bonzai Buddy, every IE search toolbar every created, et al. MORE