Lookout Blog

April 11, 2014

MouaBad: When your phone comes pre-loaded with malware

Usually you celebrate when a family gets bigger. But when it’s a family of malware that could come pre-loaded on your phone, no one wants to party.

MouaBad is a surreptitious little bugger with a number of variants malware authors are flashing onto phones’ headed to consumers firmware. This is a unique and risky distribution model, likely executed by a criminal who has inserted himself into the distribution chain.

Read More

April 9, 2014

Heartbleed Detector: Check If Your Android OS Is Vulnerable with Our App


Monday, the world learned about a critical bug in OpenSSL called “Heartbleed.” It severely compromises the integrity of secure communications and there isn’t a whole lot consumers of the Internet can do to protect themselves.

But, of course, knowledge is power, so we’ve created the Heartbleed Detector, an app that will tell you if you’re running a vulnerable version of Android on your phone. While everyone has been talking about how Heartbleed affects servers and Internet infrastructure, it also affects mobile devices. Our detector app will help you figure out if your device is one of them.

You can download it here.

Read More

April 9, 2014

Heartbleed: A Note from Lookout

Remember that time a vulnerability left two-thirds of the Internet wide open to attack?

Yeah, that happened Monday.

The issue is called Heartbleed, a critical bug in “OpenSSL” — software which roughly two thirds of the Internet uses to keep connections secure.

Lookout’s main website was not affected by the vulnerability, however, some of Lookout’s other Internet-facing infrastructure was. We took care to protect our users as soon as possible, patching our systems within hours of the bug’s public release.

In short, Lookout users do not need to worry about this flaw, as they are already protected.

Read More

March 26, 2014

Bitcoin malware: Beware the digital pickpockets


Bitcoin is a global phenomenon that’s driving a 21st century gold rush.

As it stands, Bitcoin is an easy target. It is little regulated and is a desirable target at $600-$700 a coin. Since 2011 there have been more than 30 heists resulting in high-value thefts of thousands of coins — amounts that could surpass $1 billion at today’s prices.

Read More

March 26, 2014

CoinKrypt: How criminals use your phone to mine digital currency

Digital Currencies

In order to add to their stockpiles, criminals are getting really inefficient: turning phones into digital currency-mining bots.

We recently saw several versions of this malware family we call CoinKrypt, which is designed to hijack your phone in order to use it to mine digital currency for somebody else. So far we have only found CoinKrypt in Spanish forums dedicated to the distribution of pirated software.

Read More

March 25, 2014

Spring Cleaning: Your Phone Needs a Wipe Down, Too

Spring is officially here and while you might be cleaning out your closets, did you ever think you should clean out your phone?

You should.

We’ve put together a few best practices for making sure your phone (and the data on it) is safe.  Clear out those apps that make your phone look like an episode of Hoarders. Back up your photos. Get those settings in check!

Take a look at how to implement these tips and more in our guide below:

March 24, 2014

Quick Guide: Fun With Phone Security Settings for Your Android

I might be biased, but the best thing you can do for your phone is downloading Lookout on it. Who doesn’t love blocking mobile threats like Dendroid and being able to make your lost phone sound a loud alarm underneath the couch cushions?

But after you’ve done that, there’s still a ton of “fun” security settings on your Android to explore. And by “fun,” I mean “potentially confusing, but definitely important to understand.” So let’s make sense of a few of the most important settings you’ll see on 4.0 and above versions of Android.

image via PlaceIt

Read More

March 21, 2014

ShrewdCKSpy: Mobile Spyware With A Hidden Agenda

Would you rather have a paranoid spouse spying on your smartphone or a shadowy entity with unclear motives? Spyware apps frequently serve the former group (suspicious lovers), but Lookout recently caught ShrewdCKSpy, a spyware app that falls squarely into the latter category.

Read More

March 13, 2014

Welcoming Jim Dolce to Lookout

Jim and Lookout founding team

Earlier today I sent the below email to the Lookout team letting them know that I decided to hire a CEO for Lookout. With that, I’d like to welcome Jim Dolce as the new CEO of Lookout.

Read More

March 12, 2014

Lookout Open Sourced Its “Private Parts,” You Should, Too

Goodbye, terrible, jargon-filled, tiny-font legalese we like to call a privacy policy. Today, we’re launching Private Parts, an open-sourced, customizable toolkit to help developers implement visual, user-friendly privacy policies. And yes, you can use it today.

Instead of a mystifying wall of text, we wanted to create broad industry change and transform privacy policies into a clear, simple design that uses visual cues to allow users to understand how an app collects and shares their data.

To make it as easy as possible for developers around the world, we open sourced the code, which can be easily accessed on Github. In order to create a visual privacy policy with our code, it only requires five simple steps and in less than an hour, developers can have a customized visual privacy policy format installed and running on any of their apps. Any developer can customize the content, look and feel of their own privacy policy from a single JSON file using our toolkit.


Read More