New spyware has been detected by security researchers that is targeting Android and iOS users. It has spying and surveillance capabilities.
Dubbed ‘Goontact’, this spyware was designed to infiltrate victim’s phones and collect data such as phone identifiers, contacts, SMS messages, photos and location information.
The target audience seems to be limited at the moment to target only people in Chinese speaking countries, Japan and Korea, reported Lookout, the mobile security firm that detected the malware.
It also added that the malware is distributed through third-party sites appearing to advertise free instant messaging apps for escort services. Many users have unknowingly downloaded these apps but the malware hasn’t yet reached the official Google and Apple app stores.
Lookout also thinks that it the spyware is likely managed b Chinese-speaking threat actors based on the language used for the admin panels of the online servers. The information obtained from the spyware is sent to these servers.
Despite the lack of evidence at the moment, Apurva Kumar, Staff Security Intelligence Engineer at Lookout believes that the data collected through these apps could be used to leverage small ransoms from victims or expose personal sexual stories to contacts.
“We have notified both Google and Apple of this threat and are actively collaborating with them to protect all Android and iOS users from Goontact,” assured Kumar, speaking of the steps they have taken to counter this attack.
She also added that Apple has revoked the enterprise certificates used to sign the apps and, as a result, the apps will stop working on devices. In addition, Play Protect will Play Protect will notify a user if any Goontact Android samples are installed on their device.
The sites that sell Goontact-infected apps are listed below.
