A new form of spyware has been discovered that can steal data from both iOS and Android users. Researchers at the cybersecurity firm Lookout have named it ‘Goontact.’ The spyware is used on adult websites that offer other things like escort services.
Those who visit the sites have their information stolen. The stolen data includes device identifiers, contacts, phone numbers, photos, SMS text messages, and even data on external storage.
The ultimate goal of stealing such information is to extort or blackmail the individuals to whom it belongs. Phones and tablets are the ultimate treasure trove of such information.
Extortion and deceit on the internet
The devices targeted are personal and contain a lot of private information like messages, location, photos, contacts, and other sensitive information. Access to such data ensures that cybercriminals can run successful extortion campaigns.
The extortion, or sextortion, in the case of Goontact, primarily targets Chinese-, Japanese- and Korean-speaking people in several Asian nations. The potential targets are lured to the site, where they are invited to connect with women on social media platforms like Telegram.
Instead of reaching the women, they end up communicating with Goontact operators, who convince them to side-load or install a mobile app that does nothing other than steal information.
iOS users are not protected
Usually, Android users are the ones who face the brunt of these attacks. However, iOS users are not exempt either. The targets are convinced to side-load an IPA file from a distribution site that takes advantage of Apple’s enterprise provisioning system.
The IPA file is required to contain a mobile provisioning profile with an enterprise certificate within it. Those running Goontact were able to get enterprise certificates associated with legitimate businesses.
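One way an analyst or mobile-security team can check a side-loaded IPA for this, as an added example that is not from Lookout or the original article: the Python script below pulls the provisioning profile out of an IPA and reports whether it is an enterprise (in-house) profile. ProvisionsAllDevices, ProvisionedDevices and TeamName are standard profile keys; the function names and the sample IPA are constructed here, and the profile's signature is not verified.

```python
import io
import plistlib
import zipfile

PROFILE = "embedded.mobileprovision"

def extract_profile(ipa_bytes):
    """Return the provisioning profile of an IPA as a dict, or None if absent."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            parts = name.split("/")
            # The profile sits at Payload/<App>.app/embedded.mobileprovision
            if (len(parts) == 3 and parts[0] == "Payload"
                    and parts[1].endswith(".app") and parts[2] == PROFILE):
                blob = ipa.read(name)
                # The file is a CMS (PKCS#7) envelope around an XML plist.
                # Slice the plist out; the signature is NOT verified here.
                start, end = blob.find(b"<?xml"), blob.rfind(b"</plist>")
                if start == -1 or end < start:
                    return None
                return plistlib.loads(blob[start:end + len(b"</plist>")])
    return None

def classify(profile):
    """Label a profile by how widely it lets the app be installed."""
    if profile is None:
        return "no-profile"
    if profile.get("ProvisionsAllDevices") is True:
        return "enterprise"        # in-house: installable on any device
    if "ProvisionedDevices" in profile:
        return "device-limited"    # development / ad hoc: listed UDIDs only
    return "other"

def build_sample_ipa(profile):
    """Constructed test input: a minimal IPA-shaped zip, not a real app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Sample.app/Info.plist", plistlib.dumps({}))
        if profile is not None:
            # Fake bytes before/after the plist stand in for the CMS framing.
            blob = b"\x30\x82\x0f\x00" + plistlib.dumps(profile) + b"\x00\x00"
            z.writestr("Payload/Sample.app/" + PROFILE, blob)
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_ipa({"Name": "Constructed profile",
                               "TeamName": "Example Corp (constructed)",
                               "ProvisionsAllDevices": True})
    prof = extract_profile(sample)
    print(classify(prof), "-", prof["TeamName"])
```

An "enterprise" result on an app that reached the device through a chat link rather than an organisation's own device management is the pattern described above, and the TeamName field shows which business the certificate was issued to.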
The only hope for targets is never to follow instructions from strangers on the internet.