When it comes to targeting the sexes, generally malware has targeted men by enticing them to view videos or pictures of sexual content—Android malware is no different. For instance, Android.Oneclickfraud attempts to coerce a user into paying for a pornographic service and certain Android.Opfake variants are designed to allow users to view adult videos, but secretly send SMS texts to premium-rate numbers in the background. Recently, however, Symantec discovered Android.Loozfon, a rare example of malware that targets female Android users.
A group of scammers is attempting to lure female Android users in Japan into downloading an app by sending emails stating how the recipient can easily make some money. The email includes a link to a site that appears to be designed to assist women to make money simply by sending emails. When a certain link on the site is clicked, Android.Loozfon is downloaded onto the device. Other links direct the user to a dating service site that likely attempts to charge money to use the service, which supposedly helps women meet rich men.
Figure 1. Malicious app downloaded if “recommended to this type of person” button is clicked
If this trick does not work, the criminal group has another trick up its sleeve. It also sends spam that states that the sender of the email can introduce the recipient to wealthy men. When the link included in the body of the email is clicked, the malware is automatically downloaded onto the device.
Figure 2. Spam email example
The downloaded app is titled “Will you win?” in Japanese. It has nothing to do with earning extra income or wealthy men.
Figure 3. Malware permissions request
If the app is installed and launched, it counts down from two to zero and then states that the user has lost. The app is programmed to lose every time, although there is nothing to either lose or win.
Figure 4. Malware counts down to “Unfortunately, you didn’t win”
It steals contact details stored on the device as well as the phone number of the device, which is the main goal of the malware. The scammers are likely harvesting email addresses in order to send spam to the contacts they were able to steal to lure them to the dating service site and/or sell the data to another group of spammers.
We continue to see spammers in Japan trying to get users to install malicious apps for the purpose of harvesting contact details stored on Android devices. We have seen a variety of social engineering techniques being used, so it is difficult to know what to watch out for. Users should only download apps from well known and trusted app vendors and be wary of installing apps from links included in emails, especially if they are from an unknown sender. These types of apps all request the “Your personal information” permission, so when installing apps users should make sure that an app has a legitimate reason to request this permission.