Modernizing Authentication — What It Takes to Transform Secure Access
"The first version attempts to lure victims by promising work-from-home jobs that can earn them a hefty profit just by sending out some emails," writes Softpedia's Eduard Kovacs. "A link in these advertisements leads to a website that’s cleverly designed to push Loozfon onto the user’s device, Symantec experts inform. Other variants include emails that promise the 'lucky' recipient wealthy men. Some are directed to a paid dating services that also promises -- yes, you guessed it -- more rich men. In all these situations, the victim ends up with an app called 'Will you win?' Once it’s installed, a counter counts down from two to zero after which it informs the user that she lost."
"[The malware] steals contact details stored on the device as well as the phone number of the device, which is the main goal of the malware," writes Symantec's Joji Hamada. "The scammers are likely harvesting email addresses in order to send spam to the contacts they were able to steal to lure them to the dating service site and/or sell the data to another group of spammers."
"As the researchers point out, the sheer amount of similar scams makes it difficult for users to spot all, but here's a few good rules of thumb: don't follow links embedded in emails received from people you don't know and review the permissions asked for by an app closely and carefully," writes Help Net Security's Zeljka Zorz.