Lookout, Inc. announced the discovery of Goontact, a new spyware targeting iOS
and Android users in multiple Asian countries. Uncovered by the Lookout Threat
Intelligence team,
Goontact targets users of illicit sites and steals personal information stored
on their mobile devices. Evidence shows these sextortion scams are affecting
Chinese-, Japanese- and Korean-speaking people. Goontact may also be
operating in Thailand and Vietnam. Lookout discovered evidence the campaign may
have been active since 2018 and is still active today.
The goal of adversaries is likely extortion or blackmail,
based on the information gathered and the quality of the sites that distribute
these malicious apps. The bounty of information Goontact can exfiltrate
includes device identifiers and phone numbers, contact information, SMS
messages, photos on external storage and even location information. The
culprits spearheading Goontact are still unknown but based on the Lookout
research, it is highly probable that Goontact is the newest addition to a crime
affiliate's arsenal, rather than nation-state actors.
The private data individuals keep on mobile devices both
makes it easier for cybercriminals to socially engineer successful attacks and,
in the case of Goontact, run successful extortion campaigns. Acting on human
impulse, this scam begins when potential targets are lured into initiating a
conversation on websites offering escort services. In reality the targets
communicate with Goontact operators who later convince them to install mobile
applications meant to enhance the user experience. The mobile applications in
question appear to have no real user functionality, except to steal the
victim's personal data, that is then used by the attacker ultimately to extort
money from the target.
"It's no secret that mobile devices are a treasure trove for
cybercriminals," said Phil Hochmuth, Program Vice President of Enterprise
Mobility at IDC. "As the use of mobile devices continues to increase, so does
the maturity of iOS and Android cybercrime. Now more than ever, consumers must
be proactive in avoiding compromise with iOS and Android threat actors whose
main objective is to fleece them financially."
While the Goontact surveillance apps described in this
campaign are not available on Google Play or the iOS App Store, the duration,
tactics and breadth exhibited highlight the lengths to which malicious actors
will go in order to deceive victims and bypass built-in protections. Users of
Lookout mobile security products are protected from these threats.
To stay up to date on Lookout's latest discoveries, please
visit our Threat Advisory Services.