Well ... FBI's Internet Crime Complaint Center (IC3) has been made aware of various malware attacking Android operating systems for mobile devices," it begins. "Some of the latest known versions of this type of malware are Loozfon and FinFisher."
Loozfon is an information-stealing piece of malware. Criminals use different variants to lure the victims.
One version is a work-at-home opportunity that promises a profitable payday just for sending out email. A link within these advertisements leads to a website that is designed to push Loozfon on the user's device. The malicious application steals contact details from the user's address book and the infected device's phone number.
FinFisher is a spyware capable of taking over the components of a mobile device. When installed the mobile device can be remotely controlled and monitored no matter where the Target is located.
FinFisher can be easily transmitted to a Smartphone when the user visits a specific web link or opens a text message masquerading as a system update.
Oh well. Android is vulnerable, but they don't publish specific attack vectors. So for example "FinFisher" allows for the remote control of your very personal, can't live without device, and the certain destruction of your reputation, identity, and yadda yadda, yadda is at risk.
Among the safety tips offered by IC3 are.
Review the developer/company who published the application that you are considering downloading;
Review and understand the permissions you are giving when you download applications;
In conjunction with using a passcode, enable the screen lock feature after a few minutes of inactivity;
Obtain malware protection for your mobile device;
Be aware of applications that enable Geo-location, which can be used to track your location for purposes such as stalking or burglary;
Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier; however, when a user, application or service runs in “unrestricted” or “system” level within an operation system, it allows any compromise to take full control of the device;
Do not allow your device to connect to unknown wireless networks, which could be rogue access points that capture information passed between your device and a legitimate server; and
If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.