Experts On Android And iOS Users Blackmailed by ‘Goontact’ Spyware

Security researchers have discovered a new variant of spyware that’s targeting iOS and Android users as part of an international sextortion scam. According to a blog post by researchers at cyber security firm Lookout, the spyware, called Goontact, has been found in multiple Asian countries; it targets users of illicit sites and steals personal information stored on their mobile devices. Researchers said the types of sites used to distribute these malicious apps and the information exfiltrated suggest that the ultimate goal is extortion or blackmail. The spyware often disguises itself as a secure messaging application and can exfiltrate a wide range of data, such as device identifiers and phone number, contacts, SMS messages, photos on external storage, and location information. While it is not presently known who is behind Goontact, researchers said it is the newest addition to a crime affiliate’s arsenal rather than the work of nation-state actors.

Full story here: https://blog.lookout.com/lookout-discovers-new-spyware-goontact-used-by-sextortionists-for-blackmail

Jelle Wieringa, Technical Evangelist
InfoSec Expert
December 19, 2020 4:49 pm

Mobile users have long proven to be highly vulnerable to social engineering scams. With so many alluring apps offering free and fun functionality, many users will be tempted to install them and try them out. Oftentimes, they do this without realizing that not all creators of such apps have honest and good intentions.

Given that apps are so easy to install and use, and that it's often unclear what permissions users accept when installing these apps, it is no surprise that malware like this is so widespread.

And although it appears to focus on Chinese-speaking countries for now, I have no doubt that it will spread across the globe quickly.

Incidents like these only prove that we need to pay more attention to educating the end user to recognize this sort of scam. 'Think before you click' applies to every aspect of our digital lives. Whether it be phishing emails, what websites you visit or what applications you install on your phone.

Information Security Buzz