Android and iOS users blackmailed by 'Goontact' spyware

The malware targets users of illicit sites and steals personal information stored on their mobile devices

Security researchers have discovered a new variant of spyware that's targeting iOS and Android users as part of an international sextortion scam.

According to a blog post by researchers at cyber security firm Lookout, the spyware, called Goontact, has been found in multiple Asian countries and targets users of illicit sites and steals personal information stored on their mobile devices.

Researchers said the types of sites used to distribute these malicious apps and the information exfiltrated suggests that the ultimate goal is extortion or blackmail.

The spyware often disguises itself as secure messaging applications and can exfiltrate a wide range of data, such as device identifiers and phone number, contacts, SMS messages, photos on external storage, and location information.

While it is not presently known who is behind Goontact, it is the newest addition to a crime affiliate’s arsenal, rather than nation-state actors, said researchers.

This fraud begins when potential targets are lured into initiating a conversation on websites offering escort services. Account IDs for secure messaging apps such as KakaoTalk or Telegram are advertised on these sites as the best forms of communication and the individual initiates a conversation.

“In reality, the targets are communicating with Goontact operators. Targets are convinced to install (or sideload) a mobile application on some pretext, such as audio or video problems. The mobile applications in question appears to have no real user functionality, except to steal the victim’s address book, which is then used by the attacker ultimately to extort the target for monetary gain,” said researchers.

Based on investigations carried out by researchers, the campaign has been active since at least 2013. However, the Goontact malware family is novel and is still actively being developed.

“The earliest sample of Goontact observed by Lookout was in November 2018, with matching APK packaging and signing dates, leading us to believe malware development likely started in this time frame,” researchers said.

While the Goontact surveillance apps described in this campaign are not available on Google Play or the Apple App Store, the duration, tactics, and breadth exhibited highlight the lengths to which malicious actors will go to deceive victims and bypass built-in protections.

“It’s no secret that mobile devices are a treasure trove for cyber criminals,” said Phil Hochmuth, programme vice president of Enterprise Mobility at IDC.

“As the use of mobile devices continues to increase, so does the maturity of iOS and Android cybercrime. Now more than ever, consumers must be proactive in avoiding compromise with iOS and Android threat actors whose main objective is to fleece them financially.” 

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

How to unroot Android
Google Android

How to unroot Android

9 Sep 2020
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021

Most Popular

School laptops sent by government arrive loaded with malware
malware

School laptops sent by government arrive loaded with malware

21 Jan 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is the Raspberry Pi Pico?
Hardware

What is the Raspberry Pi Pico?

21 Jan 2021