My friend “M” got an email from her sister the other day. She thought it was a bit odd, because it came from Yahoo. This was not her sister’s usual email account, that was the first clue that something might be amiss. The email contained a link which she very much wanted to check out, but she knew that was dangerous. So, she decided to visit the link on her phone, thinking that if the link was malicious, it would be safe to look at on her phone’s browser. Well…not so much.
According to the CYREN Security Blog, the email in question is a fairly clever little Trojan horse. It can infect PCs and Android devices both. As it turns out, the email comes from a compromised Yahoo account. If you visit the link, it sends you to a compromised “distribution” site which redirects you based on your browser. If you’re visiting on a PC, it sends you to some kind of diet scam web site. If you visit on an Android device, you’re sent to a direct download page where malware is instantly and automatically downloaded.
This is the point at which “M” contacted me. Fortunately, she had not installed the downloaded software. If you have an Android device, there is a security setting which you have to enable in order to install software from “unknown sources.” For most of us, that box should remain unchecked. This prevents software from any place other than the Google Play store from being installed. However, if you download software from some place like Amazon, you may have unchecked this box and you are vulnerable, so be wary.
“M” was able to delete the downloaded file by going to her application drawer, clicking on downloads, long clicking on the file (which was called security.update.apk) and choosing delete. She was never in any real danger of becoming infected. Because of her security settings she wouldn’t have been able to install the software.
There are good lessons in this for all of us. If you have an Android device, make sure you leave the “unknown sources” box unchecked. Don’t assume that it’s safer to visit suspect web sites on your phone and most importantly, don’t click on links embedded in random emails. Remember, the text of a link can be different from the URL that the link points to. For example, check out this really awesome and totally safe link to cute kittens!