Once again, third-party app users need to remain vigilant as a new malware is in the wild. Dubbed Goontact, the spyware impersonates messaging apps to trick users. It’s presently targeting both Android and iOS users alike.
Goontact Spyware Impersonates Messaging Apps
Researchers from the Lookout Threat Intelligence team have discovered a new malware, the Goontact spyware, in the wild. This malware masks itself as secure messaging apps to trick users.
At present, the malware hasn’t reached the official App Store and Play Store for iOS and Android devices respectively. However, it has flooded numerous third-party app stores from where it aims for both Android and iOS users.
Upon reaching the device, the malware collects sensitive details from the device including users’ data. According to the researchers, this information, in turn, allows the attackers to run extortion campaigns.
Specifically, some of the information that the malware collects includes SMS, photos (on external storage), contacts, location data, phone number, and the device identifier.
Both the iOS and Android malware versions steal data, but the latter is more feature-rich.
To trick users, the malware lures them into installing the app by offering dating opportunities. However, as a matter of fact, the victim never gets a chance to chat with any human user. Thus, ends up falling prey to the spyware.
Technical details about Goontact are available in the researchers’ post.
Campaign Targeting Asian Users
The researchers observed that the campaign specifically targets Asian users – that too – in China, Thailand, Vietnam, Korea, and Japan. The malicious apps bearing the spyware also display such languages to bluff users.
The researchers believe that the campaign may spread further to target more users.
While the Goontact surveillance apps described in this campaign are not available on Google Play or the iOS App Store, the duration, breadth and tactics exhibited highlight the lengths malicious actors will go to deceive victims and bypass built-in protections.
Therefore, users should remain very careful while clicking on links and sideloading apps from third-party stores on their devices.