Lookout experts spoke about the Goontact spyware, which lures Android and iOS users with an obscene content, stealing and then using their personal data for blackmail.Currently, the malware spreads through third-party sites and is most often disguised as special messengers to communicate with escort service workers.
Moreover, the target audience of these resources is limited to Chinese-speaking countries, as well as Korea and Japan. The researchers note that, judging by the language used in the admin panels on the attackers’ servers, Goontact is controlled by criminals who speak Chinese.
Once infiltrated on the user’s device, Goontact-infected applications steal victim’s personal information, including photos, SMS messages, contact lists, device IDs and phone numbers, and so on.
The company says that overall, Goontact’s activity is very similar to another malicious campaign, also aimed at data theft, described by Trend Micro back in 2015.
Lookout analysts believe that the data collected with the help of malicious applications can later be used to extort small ransoms from victims, otherwise the attackers threaten to disclose the victim’s sexual contacts to his friends and acquaintances.
A complete list of all Goontact infected applications and indicators of compromise can be found on the company’s blog.
Let me remind you that I also wrote about the fact that Sextortion ransomware writes letters in foreign languages to bypass filters.
User Review( votes)