Kaspersky Lab researchers have discovered ZooPark, a sophisticated cyberespionage campaign, which for several years has been targeting users of Android devices based in several Middle Eastern countries. Using legitimate websites as sources of infection, the campaign appears to be a nation-state backed operation aimed at political organizations, activists and other targets based in the region.

 

Recently, Kaspersky Lab researchers received something that seemed to be a sample of unknown Android malware. At first glance, the malware appeared to be nothing serious: a technically very simple and straightforward cyberespionage tool. Researchers decided to investigate further and soon discovered a far more recent and sophisticated version of the same app. They decided to call it ZooPark.

 

Some of the malicious ZooPark apps are being distributed from news and political websites popular in specific parts of the Middle East. They are disguised as legitimate apps with names like ‘TelegramGroups’ and ‘Alnaharegypt news’, among others, recognized in and relevant to some Middle Eastern countries. Upon successful infection, the malware provides the attacker with the following abilities:

 

Exfiltration:

  • Contacts
  • Account data
  • Call logs and audio recordings of the calls
  • Pictures stored on the SD card of the device
  • GPS location
  • SMS messages
  • Installed application details, browser data
  • Keylogs and clipboard data
  • Etc.

Backdoor functionality:

  • Silently sending SMS
  • Silently making calls
  • Execution of shell commands

 

An additional malicious function targets instant messaging applications such as Telegram, WhatsApp and IMO, the web browser (Chrome) and some other applications. It allows the malware to steal the internal databases of the attacked apps. For the web browser, for example, this would mean that stored credentials to other websites could be compromised as a result of the attack.

 

The investigation suggests that the attackers are focusing on users based in Egypt, Jordan, Morocco, Lebanon and Iran. Based on the news topics that the attackers used to lure victims into installing the malware, members of the United Nations Relief and Works Agency are among the possible targets of the ZooPark malware.

 

“More and more people use their mobile devices as their primary or sometimes even only communication device. And that is certainly being spotted by nation-state sponsored actors, who are building their toolsets so they will be efficient enough to track mobile users. The ZooPark APT, actively spying on targets in Middle Eastern countries, is one such example, but it is certainly not the only one,” said Alexey Firsh, security expert at Kaspersky Lab.

 

In total, Kaspersky Lab researchers were able to identify at least four generations of the espionage malware related to the ZooPark family, which has been active since at least 2015.

 

Kaspersky Lab products successfully detect and block this threat.

 

Read more about the ZooPark advanced persistent threat at Securelist.com

