April 24, 2014

BadLepricon: Bitcoin gets the mobile malware treatment in Google Play


Your phone is running low on battery and it seems to be working harder than usual. Would you ever suspect that it was secretly mining Bitcoin for someone you don’t know?

Lookout found a piece of mobile malware in Google Play that quietly uses your phone’s processing power to create new coins. We call it BadLepricon, and yes, that is how the malware authors spelled “leprechaun.” We hope they were going for a clever play on the word “con.”

Category:   malware  •  Security
April 24, 2014

Introducing a new look for Lookout maps

We are excited to announce that starting today, Lookout will be using MapBox for all of our location services. This means that the map you see when you log into Lookout.com, as well as the maps you receive in Lookout emails, will look a little different moving forward (in a good way!). Here’s a sneak peek:


If your device is ever lost or stolen, we want to make it as easy as possible for you to locate your missing device – and MapBox lets us do just that. These maps are accurate, easy to navigate and fully designed by the Lookout team to fit right in with your Lookout experience. To take them for a spin, just log into Lookout.com and locate your phone now!

Category:   Uncategorized
April 18, 2014

Heartbleed + Android: A Not-So Love Story

Heartbleed is a big issue affecting both clients and servers, but as it pertains to Android device, the data is looking a lot more encouraging.

We gathered information from our Heartbleed Detector app, which will tell you if your Android device is affected by the Heartbleed vulnerability. We were happy to find that 96 percent of people who sent us their data were not vulnerable!

As expected, those in the vulnerable category had Android 4.1.1 installed on their phones. This was the same Android version Google explained was affected. However, we also saw some vulnerable devices running Android 4.2.2. This is likely due to custom versions of the operating system floating around.

Anyone with a vulnerable version of Android should look for an update to protect themselves. Otherwise, it’s up to your service providers to patch their systems. Get in touch with them and any company with which you have an online account.

Check out our data below for more information on how Heartbleed is affecting Android users.

Thank you to everyone who shared their data with us!

Category:   Vulnerability
April 11, 2014

MouaBad: When your phone comes pre-loaded with malware

Usually you celebrate when a family gets bigger. But when it’s a family of malware that could come pre-loaded on your phone, no one wants to party.

MouaBad is a surreptitious little bugger with a number of variants malware authors are flashing onto phones’ headed to consumers firmware. This is a unique and risky distribution model, likely executed by a criminal who has inserted himself into the distribution chain.

Category:   Alerts  •  malware
April 9, 2014

Heartbleed Detector: Check If Your Android OS Is Vulnerable with Our App


Monday, the world learned about a critical bug in OpenSSL called “Heartbleed.” It severely compromises the integrity of secure communications and there isn’t a whole lot consumers of the Internet can do to protect themselves.

But, of course, knowledge is power, so we’ve created the Heartbleed Detector, an app that will tell you if you’re running a vulnerable version of Android on your phone. While everyone has been talking about how Heartbleed affects servers and Internet infrastructure, it also affects mobile devices. Our detector app will help you figure out if your device is one of them.

You can download it here.

Category:   Vulnerability
April 9, 2014

Heartbleed: A Note from Lookout

Remember that time a vulnerability left two-thirds of the Internet wide open to attack?

Yeah, that happened Monday.

The issue is called Heartbleed, a critical bug in “OpenSSL” — software which roughly two thirds of the Internet uses to keep connections secure.

Lookout’s main website was not affected by the vulnerability, however, some of Lookout’s other Internet-facing infrastructure was. We took care to protect our users as soon as possible, patching our systems within hours of the bug’s public release.

In short, Lookout users do not need to worry about this flaw, as they are already protected.

Category:   Security  •  Vulnerability
April 2, 2014

Scheduled Maintenance Tonight, Wednesday April 2nd

Just a quick heads up that Lookout will be performing server maintenance tonight, Wednesday, April 2nd. Our site, www.lookout.com, will be unavailable for a thirty-minute window between 10 PM Pacific Time and 11 PM Pacific Time.

This means you won’t be able to log into your Lookout.com account or find your phone while the site is down. We’re sorry if this causes you any trouble! This blog will be available during that time, and we’ll be standing by and giving updates on Facebook and Twitter if you need help or have questions.


Category:   Hidden  •  Lookout News