30 October 2012

The Internet Crime Complaint Centre (IC3), a partnership between the US Federal Bureau of Investigation (FBI) and the US based National White Collar Crime Center (NW3C) has issued a warning about malware directed specifically at the Android mobile operating system.

According to the ICCC, this includes an information-stealing piece of malware designed to steal contact details from your address book, including your phone number; and spyware capable of taking over the components of a mobile device, so that the device can be remotely controlled and monitored no matter where the target is located. If you use Android mobile devices, now would be a good time to improve your security and safety.

Staying safe with your mobile online

  • Use the security features of your phone. All phones have security settings, familiarise yourself with them and turn them on.
  • Watch out for prompts or warnings asking if you want to allow software to install or run. If you do not know what the software is or what it relates to, err on the side of caution and select no. Criminals sometimes try to dupe users into downloading malicious software (known as ‘social engineering’).
  • Downloading applications (Apps) for your mobile does expose your device. Look for reputable applications and check out the developer/company who publishes the application before you install it.
  • Review and understand the permissions you are giving when you download an application.
  • Be aware of applications that enable geo-location. This means the application can track your location anywhere. It is often used for marketing purposes, but it has the potential to also be used for malicious purposes. Some applications may be useful with geo-location services enabled, while others shouldn’t require them at all.
  • Many mobile phones allow you to set a password or Personal Identification Number (PIN) that must be entered to use the phone. Passwords and PINs make it more difficult for thieves to steal your personal information if your phone is lost or stolen.
  • Consider installing security software from a reputable provider. Antivirus, anti-theft, anti-malware and firewall software is available for many mobile phone operating systems. Check with your phone manufacturer for recommendations.
  • Check for updates to your phones operating system regularly. Install them as soon as they are available, these updates often contain changes that will make your phone more secure.
  • Bluetooth lets you wirelessly connect to devices and transfer information over short distances. For Bluetooth to work, devices need to see each other and then connect. It is best to leave your phone in undiscoverable mode (hidden) so that it is only visible when you specifically need other people or devices to see it. This means that hackers cannot easily see your phone and they cannot easily connect to it unless they already have your Bluetooth address. When connecting using Bluetooth, do so in private, uncrowded areas.
  • Change your settings so that your phone asks permission to join a new wireless network.
  • Be smart with Wi-Fi. When connecting to the internet using Wi-Fi, try to use an encrypted network that requires a password and which you are sure is operated by a reputable provider. Read our tips for using public wireless networks.
  • If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.

More information

The Internet Crime Complaint Center (IC3) Intelligence note is available at:

Information for smart phone users is available on the Stay Smart Online website:


Thank you to those subscribers who have provided feedback to our Alerts, Advisories and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.


This information has been prepared by Enex TestLab for the Department of Broadband, Communications and the Digital Economy ('the Department'). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.

Host of subscription service

The Commonwealth has engaged Ladoo Pty Ltd to host the Stay Smart Online Alert Service. All URL links should show the domain send.ladoo.com.au at hover over. URL links related to the administration of the service ('View online', 'Update your profile preferences' and 'unsubscribe') should direct you to web pages hosted by Ladoo Pty Ltd.


Facebook: www.facebook.com/staysmartonline
Email: staysmartonline [at] dbcde.gov.au
Web: staysmartonline [at] dbcde.gov.au (www.staysmartonline.gov.au)
You are receiving this message at the address robert.novelli [at] communications.gov.au.
Update your profile preferences
If you no longer wish to receive the SSO newsletter, you can unsubscribe.

© 2012 Australian Government. All rights reserved

Connect with Stay Smart Online