Android and iOS users blackmailed by 'Goontact' spyware

The malware targets users of illicit sites and steals personal information stored on their mobile devices

Security researchers have discovered a new variant of spyware that's targeting iOS and Android users as part of an international sextortion scam.

According to a blog post by researchers at cyber security firm Lookout, the spyware, called Goontact, has been found in multiple Asian countries and targets users of illicit sites and steals personal information stored on their mobile devices.

Researchers said the types of sites used to distribute these malicious apps and the information exfiltrated suggests that the ultimate goal is extortion or blackmail.

The spyware often disguises itself as secure messaging applications and can exfiltrate a wide range of data, such as device identifiers and phone number, contacts, SMS messages, photos on external storage, and location information.

While it is not presently known who is behind Goontact, it is the newest addition to a crime affiliate’s arsenal, rather than nation-state actors, said researchers.

This fraud begins when potential targets are lured into initiating a conversation on websites offering escort services. Account IDs for secure messaging apps such as KakaoTalk or Telegram are advertised on these sites as the best forms of communication and the individual initiates a conversation.

“In reality, the targets are communicating with Goontact operators. Targets are convinced to install (or sideload) a mobile application on some pretext, such as audio or video problems. The mobile applications in question appears to have no real user functionality, except to steal the victim’s address book, which is then used by the attacker ultimately to extort the target for monetary gain,” said researchers.

Based on investigations carried out by researchers, the campaign has been active since at least 2013. However, the Goontact malware family is novel and is still actively being developed.

“The earliest sample of Goontact observed by Lookout was in November 2018, with matching APK packaging and signing dates, leading us to believe malware development likely started in this time frame,” researchers said.

While the Goontact surveillance apps described in this campaign are not available on Google Play or the Apple App Store, the duration, tactics, and breadth exhibited highlight the lengths to which malicious actors will go to deceive victims and bypass built-in protections.

“It’s no secret that mobile devices are a treasure trove for cyber criminals,” said Phil Hochmuth, programme vice president of Enterprise Mobility at IDC.

“As the use of mobile devices continues to increase, so does the maturity of iOS and Android cybercrime. Now more than ever, consumers must be proactive in avoiding compromise with iOS and Android threat actors whose main objective is to fleece them financially.” 

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
Apple unveils iPhone 13, new iPad, and iPad mini
Mobile

Apple unveils iPhone 13, new iPad, and iPad mini

14 Sep 2021
How to unroot Android
Google Android

How to unroot Android

7 Sep 2021
Apple delays controversial CSAM detection feature
Security

Apple delays controversial CSAM detection feature

3 Sep 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021