Quote:New spyware is targeting iOS and Android frequenters of adult mobile sites by posing as a secure messaging application in yet another twist on sextortionist scams.
 
The spyware, dubbed Goontact, targets users of escort-service sites and other sex-oriented services – particularly in Chinese-speaking countries, Korea and Japan, according to research published by Lookout Threat Intelligence on Wednesday.
 
The ploy and malware can ultimately be used to exfiltrate data from targets. Data siphoned from devices include phone number, contact list, SMS messages, photos and location information. The nature of the data sweep and the context of the attacks “suggests that the ultimate goal is extortion or blackmail,” researchers Robert Nickle, Apurva Kumar and Justin Albrecht observed in a report published online Wednesday.
 
Sextortionist scams, in which threat actors claim they have video or other information that links a potential victim to illicit activity that could threaten a marriage, job or other significant relationship or interest, are nothing new. However, attackers typically use email to deliver these type of scams, using a range of tactics to get past email defenses and trick victims.
 
The new campaign uses a different and evolving tack. It lures a potential target by inviting them through an ad on a hosted illicit site to connect with women for free by using KakaoTalk or Telegram secure messaging apps. If someone takes the bait and initiates a conversation, it is Goontact operators with whom the person makes contact, researchers said.
 
“Targets are convinced to install (or sideload) a mobile application on some pretext, such as audio or video problems,” they wrote. “The mobile applications in question appears to have no real user functionality, except to steal the victim’s address book, which is then used by the attacker ultimately to extort the target for monetary gain.”