FBI and IC3 Warn of FinFisher and Loozfon Malware Targeting Android Devices

Anthony Freed
By | October 15, 2012

Posted in: Network Security Trends

FBI and IC3 Warn of FinFisher and Loozfon Malware Targeting Android Devices

Android's open architecture has made the operating system an increasingly attractive target for malware designers seeking to exploit mobile devices and pilfer sensitive information. Accordingly, the Federal Bureau of Investigation and the Internet Crime Complaint Center (IC3) issued new warnings for Android users regarding the recent uptick in complaints related to campaigns utilizing variants of the Loozfon and FinFisher malware.

FinFisher is a powerful cyber espionage agent developed by the Gamma Group that was originally intended for use by law enforcement and is able to secretly intercept communications, record keystrokes, and allow an attacker to remotely take control of an infected device.

The malware was discovered in the wild in July of this year by security researcher Morgan Marquis-Boire who first noticed the agent being employed in email spear-phishing campaigns targeting Bahraini activists, but now it appears the malicious code has been adopted by cybercriminals for attacks against consumers as well.

"Once any malware is used in the wild, it's typically only a matter of time before it gets used for nefarious purposes," wrote researcher Claudio Guarnieri in early August after completing an initial analysis of the code.

Loozfon, the other malware variant specifically identified in the FBI/IC3 alert, is designed to steal "contact details from the user’s address book and the infected device's phone number," which can then be employed in social engineering operations through the use of caller ID spoofing techniques.

Cybercriminals are known by authorities to be actively targeting job seekers responding to work-at-home opportunities, where a malicious link in advertisements can lead to infection with the Lofzoon malware.

IC3 issued more than a dozen recommendations for mobile device users to help protect their devices from compromise, including:


  • Deactivating unneeded default settings like geolocation and enabling encryption options

  • Careful review of applications and their permissions

  • Refrain from jailbreaking, rooting, or otherwise tampering with the device

  • Avoid using unknown wireless networks, clicking on shortened URLs, and downloading unapproved software

  • Keeping applications and firmware up to date with the latest versions

With an increase in the BYOD ( Bring Your Own Device) trend, where companies allow employees to use their personal devices for business activities, sensitive corporate data is also vulnerable to exfiltration from this mobile-based malware.

Anyone suspecting that they may have been the victim of cybercriminal activity, or who may have been the target of an email spear-phishing campaign, are urged to file a complaint at www. IC3.gov.

You May Also Be Interested In: