Symantec has discovered Android.Loozfon, a rare example of malware that targets female Android users.
A group of scammers is attempting to lure female Android users in Japan into downloading an app by sending emails stating how the recipient can make some money easily. The email includes a link to a site that appears to be designed to assist women to make money simply by sending emails. When a certain link on the site is clicked, Android.Loozfon is downloaded onto the device. Other links direct the user to a dating service site that attempts to charge money to use the service, which supposedly helps women meet rich men.
If this trick does not work, the criminal group has another trick up its sleeve. It also sends spam that states that the sender of the email can introduce the recipient to wealthy men. When the link included in the body of the email is clicked, the malware is automatically downloaded onto the device.
It steals contact details stored on the device as well as the phone number of the device, which is the main goal of the malware. The scammers are likely to be harvesting email addresses in order to send spam to the contacts they were able to steal to lure them to the dating service site and/or sell the data to another group of spammers.
Symantec advises users to be wary of installing apps from links included in emails, especially if they are from an unknown sender or source. These types of apps all request the “Your personal information” permission, so when installing apps users should make sure that an app has a legitimate reason to request this permission.