UPDATED 22:05 EDT / DECEMBER 16 2020

SECURITY

New Goontact spyware aims to steal data from iOS and Android users

A newly discovered form of spyware can steal data from both iOS and Android users.

Dubbed “Goontact” by researchers at cybersecurity firm Lookout Inc., the spyware is offered through illicit sites, such as those offering escort services, and then steals personal information from those who visit. Data stolen can include device identifiers and phone numbers, contacts, SMS text messages, photos on external storage and location information. The researchers believe the ultimate goal of stealing the data is extortion or blackmail.

“Tablets and smartphones are a treasure trove of personal data,” the researchers noted. “These devices store private data, such as contacts, photos, messages and location. Access to all of this data enables cybercriminals like the operators of Goontact to run a successful extortion campaign.”

The extortion in this case, also described as sextortion, is said to be primarily targeting Chinese-, Japanese- and Korean-speaking people in multiple Asian countries. Potential targets are lured to a site where they are invited to connect with women using services such as Telegram. Instead, they communicate with Goontact operators who convince the target to install or side-load a mobile application, which has no function other than to steal the victim’s data.

That iOS users are being targeted as well is of interest, since it’s usually Android users who are targeted by malware. In this case, the operators persuade iOS users to side-load an IPA file from a distribution site that abuses the Apple Inc. enterprise provisioning system. The IPA file is required to contain a mobile provision profile with an enterprise certificate. Those behind Goontact were able to obtain enterprise certificates associated with legitimate businesses.

The researchers do not believe those behind Goontact are nation-state sponsored; they are more likely an online criminal group looking to profit from their victims.

“Mobile users have long proven to be highly vulnerable to social engineering scams,” Jelle Wieringa, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. “With so many alluring apps offering free and fun functionality, many users will be tempted to install them and try them out. Oftentimes, they do this without realizing that not all creators of such apps have honest and good intentions.”

Incidents like these only prove that users need to be educated to recognize this sort of scam, Wieringa added. “‘Think before you click’ applies to every aspect of our digital lives,” he said. “Whether it be phishing emails, what websites you visit or what applications you install on your phone.”
