Google works on malware scanner as FBI issues Android warning

Posted by Emma Woollacott

Google's reported to be developing a malware scanner for Google Play - with excellent timing, as the FBI's Internet Crime Complaint Center (IC3) has just issued a warning about increasing levels of malware targeting Android phones.

According to Android Police,  there's a new version of the Google Play app in the pipeline that will include the ability to scan users' smartphones for malware.

Security firm Sophos has taken a look at the code.

"Our examination of the new code in Google Play suggests that the company is building an API framework for virus-scanning in the future, and that the functionality will not be available until at least API level 17 (which will be supported in the version of the Android operating system after Android 4.1 (Jelly bean)," says consultant Graham Cluley. "This functionality would also make use it seems of the Google Safe Browsing API."

Android threats are on the rise, leaping 76 percent during the second quarter of this year, according to McAfee.

The IC3 highlights two examples in particular, Loozfon and FinFisher. Loozfon is an information-stealing app that offers either porn or work opportunities to lure users in. It's been largely targeted at Japan so far.

FinFisher is more sinister, it says.

"FinFisher is a spyware capable of taking over the components of a mobile device. When installed the mobile device can be remotely controlled and monitored no matter where the target is located," it warns. "FinFisher can be easily transmitted to a Smartphone when the user visits a specific web link or opens a text message masquerading as a system update."

The IC3 finishes up with a list of recommendations for avoiding malware: it's available here.