Malware Threat Targets Android Devices Through Email

Malware on smartphone

A new form of malware attack on Android phones has security experts on the look-out. This form of scareware infects your computer through a phishing email and malicious link.

Chris Brook, of ThreatPost, reports that the emails will appear to be from the United States Postal Service.

The message informs you that the USPS was unable to deliver your package because the postal code contains an error. You’re then prompted to print a label. When you follow the “Print The Label” link included in the email, a malicious Android Package File, or .apk, is downloaded to your device.

This particular scam seems poorly constructed. After all, most of us know when we’ve sent a package recently and understand that printing a label for a package that isn’t in our possession wouldn’t do much good. However, there are plenty of users who will click the link to try to gain more information, even if they haven’t sent a package in months. Hackers play on our curiosity and even thin attacks like this one will claim victims.

This form of malware has been used before. Security experts note that a previous scam using it in a scam that asks users to pay a subscription fee to keep their devices clear of malware. What’s noteworthy is the way the malware is being distributed. Cyber criminals are adjusting to the number of users who access their email on their Android devices and are attempting to exploit that fact.

This malware is reportedly even capable of intercepting both incoming and outgoing calls. It also is capable of changing file names to look more innocent. Instead of a suspicious .apk file, it will appear as a .zip file with a tantalizing name like

Android users should go into the settings on their device and disable the option to “allow installation of apps from unknown sources”. Users will also be able to enable a “Verify Apps” option, which will warn them before any potentially malicious app is downloaded.

These two options help keep your device safe, but you’ll also want dedicated security apps as well. To upgrade the security on any of your devices, or to rid them of existing infections, come by or contact Geek Rescue at 918-369-4335.

September 12th, 2013