Virtualization Technology News and Information
Lookout Discovers New Spyware Used to Blackmail iOS and Android Users

Lookout, Inc. announced the discovery of Goontact, a new spyware targeting iOS and Android users in multiple Asian countries. Uncovered by the Lookout Threat Intelligence team, Goontact targets users of illicit sites and steals personal information stored on their mobile devices. Evidence shows these sextortion scams are affecting Chinese-, Japanese- and Korean-speaking people. Goontact may also be operating in Thailand and Vietnam. Lookout discovered evidence the campaign may have been active since 2018 and is still active today. 

The goal of adversaries is likely extortion or blackmail, based on the information gathered and the quality of the sites that distribute these malicious apps. The bounty of information Goontact can exfiltrate includes device identifiers and phone numbers, contact information, SMS messages, photos on external storage and even location information. The culprits spearheading Goontact are still unknown but based on the Lookout research, it is highly probable that Goontact is the newest addition to a crime affiliate's arsenal, rather than nation-state actors.

The private data individuals keep on mobile devices both makes it easier for cybercriminals to socially engineer successful attacks and, in the case of Goontact, run successful extortion campaigns. Acting on human impulse, this scam begins when potential targets are lured into initiating a conversation on websites offering escort services. In reality the targets communicate with Goontact operators who later convince them to install mobile applications meant to enhance the user experience. The mobile applications in question appear to have no real user functionality, except to steal the victim's personal data, that is then used by the attacker ultimately to extort money from the target. 

"It's no secret that mobile devices are a treasure trove for cybercriminals," said Phil Hochmuth, Program Vice President of Enterprise Mobility at IDC. "As the use of mobile devices continues to increase, so does the maturity of iOS and Android cybercrime. Now more than ever, consumers must be proactive in avoiding compromise with iOS and Android threat actors whose main objective is to fleece them financially."  

While the Goontact surveillance apps described in this campaign are not available on Google Play or the iOS App Store, the duration, tactics and breadth exhibited highlight the lengths to which malicious actors will go in order to deceive victims and bypass built-in protections. Users of Lookout mobile security products are protected from these threats.

To stay up to date on Lookout's latest discoveries, please visit our Threat Advisory Services

Published Wednesday, December 16, 2020 11:50 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2020>