Security researchers have identified a new malware strain, named Goontact, that targets Android and iOS users. The spyware collects phone identifiers, contacts, SMS messages, photos, and location information from infected devices. It was first detected by mobile security firm Lookout. According to an online report, the sites distributing it appear, for now, to be aimed at Chinese-speaking countries, Korea, and Japan.
Based on the language used in the admin panels of the servers, Lookout speculates that Goontact is likely operated by Chinese-speaking threat actors. Data collected by the spyware apps is sent back to online servers under the Goontact operators' control.
Goontact is distributed via third-party sites promoting free instant-messaging apps for contacting escort services. The malicious apps have not made their way into the Apple App Store or Google Play Store; however, the report notes that users may be downloading and sideloading the Goontact-infected applications themselves.
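Because the infection vector described here is sideloading from third-party sites rather than the official stores, a quick triage step on a suspect Android device is to list third-party packages together with the installer that put them there and flag anything not installed by Google Play. The helper below is an added example, not Lookout's code or anything from the report: it parses the output format of `adb shell pm list packages -3 -i` (`package:<name>  installer=<installer>`), and the sample lines fed to it are constructed for illustration; the package names in the sample are not from the article.

```shell
#!/bin/sh
# Added triage helper (not from the article or Lookout): flag third-party
# Android packages whose recorded installer is not Google Play
# (com.android.vending). Input is the output of
#   adb shell pm list packages -3 -i
# one line per package, e.g.
#   package:com.example.app  installer=com.android.vending
#   package:com.example.side  installer=null

# Read pm output on stdin; print "<package>\t<installer>" for every package
# not installed by Google Play. An absent installer shows up as "null".
flag_sideloaded() {
    awk '
        /^package:/ {
            pkg = $1; sub(/^package:/, "", pkg)
            inst = "unknown"
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) inst = substr($i, 11)
            if (inst != "com.android.vending") print pkg "\t" inst
        }'
}

# Constructed sample standing in for real device output. On a real device run:
#   adb shell pm list packages -3 -i | flag_sideloaded
SAMPLE='package:com.kakao.talk  installer=com.android.vending
package:org.telegram.messenger  installer=com.android.vending
package:com.example.chat  installer=null
package:com.example.video  installer=com.android.packageinstaller'

# Number of packages flagged in the constructed sample (expected: 2).
count_flagged() {
    printf '%s\n' "$SAMPLE" | flag_sideloaded | wc -l | tr -d ' '
}

# Stand-alone run: show the flagged packages from the sample.
printf '%s\n' "$SAMPLE" | flag_sideloaded
```

Treat a hit as a lead, not a verdict: packages pushed with `adb install`, pre-loaded by the OEM, or delivered through a legitimate third-party store also show a non-Play installer, so each flagged app still needs to be checked for what it asks for (contacts, SMS, location) and where it talks to. The check does not cover iOS, where the equivalent question is which provisioning profile or enterprise certificate the app was installed under.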
Apurva Kumar, Staff Security Intelligence Engineer at Lookout, told ZDNet that the Goontact operation resembles a sextortion campaign described by Trend Micro in 2015, although there is no evidence directly linking the two. Kumar believes the data collected through Goontact apps could later be used to extort victims into paying small ransoms, under threat of having their attempts to arrange sexual encounters exposed to friends and contacts.
“The scam begins when a potential target is lured to one of the hosted sites where they are invited to connect with women. Account IDs for secure messaging apps such as KakaoTalk or Telegram are advertised on these sites as the best forms of communication and the individual initiates a conversation,” Lookout notes in a blog post.
“In reality, the targets are communicating with Goontact operators. Targets are convinced to install (or sideload) a mobile application on some pretext, such as audio or video problems. The mobile applications in question appear to have no real user functionality, except to steal the victim’s address book, which is then used by the…