Goontact Malware

The Goontact Malware is a newly discovered malware strain deployed against targets in Chinese-speaking countries, Korea and Japan. The goal of the Goontact Malware is to infect the user's device and then harvest various kinds of data from it. The compromised information includes the user's contacts, SMS messages, photos, phone identifier details and geolocation. The threat is capable of infecting both Android and Apple devices, with a different version dedicated to each mobile environment.

The threat's attack vector is malware-laced applications distributed on third-party websites. The number of different applications employed in this operation is staggering, but most of them use the same tactic to lure potential victims. The malware-carrying applications masquerade as free instant messaging platforms dedicated to offering escort services. So far, around 35 distinct websites have been detected peddling Goontact-infected applications.

None of the threatening applications have managed to make their way onto the official Google and Apple application stores, and both companies have taken measures to protect their clients after being made aware of this new malware strain. Still, infosec researchers warn that the information already scraped by Goontact has been exfiltrated to servers under the control of the hackers responsible for unleashing the threat. The criminals can use the gathered data to conduct a sextortion scheme. The crux of this tactic is that the hackers threaten to expose the user's attempts to arrange sexual encounters to their friends, family, and business contacts if their demands, usually a ransom payment, are not met.

