14 DAY TRIAL // A piece of malware identified as Android.Loozfon has been found to steal contact details from the phones of unsuspecting users in Japan. While this functionality is not really new, the fact that it’s designed to mainly target women is somewhat interesting.
Cybercriminals rely on various incentives to trick users into installing their malicious Android applications. In many of their campaigns they target potential male victim by promising adult content.
Since adult videos don’t attract women as much as they attract men, the crooks have come up with more suitable topics: how to make money online and how to meet rich guys.
The first version attempts to lure victims by promising work-from-home jobs that can earn them a hefty profit just by sending out some emails. A link in these advertisements leads to a website that’s cleverly designed to push Loozfon onto the user’s device, Symantec experts inform.
Other variants include emails that promise the “lucky” recipient wealthy men. Some are directed to a paid dating services that also promises – yes, you guessed it – more rich men.
In all these situations, the victim ends up with an app called “Will you win?” Once it’s installed, a counter counts down from two to zero after which it informs the user that she lost.
In the meantime, the malicious app is stealing contact details from the address book, and the infected device’s phone number. The stolen information, which includes email addresses, is most likely used in the spam campaign that attempts to lure victims to the paid dating service we mentioned earlier.
The addresses obtained by the malware could also be sold by the cybercriminals to others who rely on spam messages to attract users to their websites.
In any case, we advise the owners of Android devices to be cautious when installing an unknown app. Most applications shouldn’t request the permission to access contacts, or services that cost money.