Security researchers have found a new spyware in both iOS and Android that will collect contacts, phone identifiers, SMS messages, location information, and photos of infected victims.
According to a blog published by mobile security firm Lookout that detected the malware, which is being distributed through third-party websites that promotes free instant messaging apps committed to reach escort services. These sites targets audiences including Japan, Korea, and Chinese speaking countries.
In an email sent to ZDNet, Kumar have notified both Apple and Google of this threat and they are already cooperating with Lookout to protect all iOS and Android users from Goontact.
Lookout security engineer noted that Apple revoked the enterprise certificates, which are used to sign the apps, so they will already stop working on their devices. Meanwhile, Google's Play Protect will notify users if a Goontact app are installed on their Android device.
Goontact uses mobile provisioning profiles of legitimate companies
Goontact has infected too many apps, and the complete list can be found at the end of the Lookout report. In fact, Lookout discovered that these cybercriminal use legitimate enterprise mobile provisioning profiles. The list includes companies that are registered in the United States and in China that spreads across different sectors like the credit unions, railroad as well as power generation companies.
Meanwhile, Lookout does not believe this campaign is not operated by nation state actors, but by a crime group. However, the security firm would need to uncover definitive infrastructure links to confirm their theory. "We believe it is highly probable that Goontact is the newest addition to this threat actor's arsenal," Lookout wrote in its report adding that the iOS component of this scam campaign was not yet reported before.
Related article: Researchers Use Machine-Learning Method to Improve Bloom Filter for Fake News Detection on Social Media
This is owned by Tech Times
Written by CJ Robles
