New spyware is currently plaguing iOS and Android users. The spyware seems to be an extension of an extortion scheme carried out via illicit websites. The malware, or rather ransomware, is called “Goontact.”
The malware preys on unsuspecting users and steals personal information, including contacts, SMS messages, and photos, from an iPhone. It seems the ransomware is mostly affecting Asian countries like China, Korea, and Japan. Security researchers from Lookout reveal that the malware is installed when the user visits illicit websites.
The modus operandi involves luring users to illicit websites. Goontact operators pretending to be escorts then encourage users to sideload an iOS app. Once installed, the app promptly steals users’ private information. Eventually, the attackers resort to blackmail and extortion.
Interestingly, the spyware uses an Apple enterprise developer certificate that looks very legit. All the certificates refer to legitimate companies. The question is whether the companies were compromised or whether the operators obtained the certificates through unscrupulous means. Security researchers also found that multiple certificates were being revoked. However, the operators always managed to source new certificates.
How to stay safe?
Goontact is widespread in certain Asian countries. In the meantime, the same strain could be modified to attack users in other countries as well. The attackers are still relying on social engineering techniques. In other words, you will be safe from the spyware as long as you don’t download apps from outside the App Store. Or you can download apps directly from the official websites of trustworthy developers.
Apple is working on revoking certificates that were used in the scam except for a developer whose account was compromised. Apple says all the certificates will be revoked by the end of this week. [via Lookout]