ZooPark: New malware campaign targeting Android devices

© Provided by: pestaola.gr

Kaspersky Lab researchers have discovered “ZooPark”, a sophisticated digital espionage campaign that has been targeting Android devices for several years, based in several Middle Eastern countries.

Using legitimate websites as sources of “contamination”, the campaign appears to be supported by nation-states and targets political organizations, activists and other targets based in this wider region.

Recently, Kaspersky Lab researchers took something that looked like a sample of unknown Android malware. At first glance, malicious software did not seem to be anything serious: a technically very simple, “clear intention” tool for digital espionage. The researchers decided to explore it further and soon discovered a much more recent and sophisticated version of the same application. They decided to call it “ZooPark”.

Some of “ZooPark’s” malicious apps are distributed through news and political sites that are popular in specific parts of the Middle East. They are disguised as legitimate applications with names like ‘TelegramGroups’ and ‘Alnaharegypt news’, among others, recognized and relevant to some Middle Eastern countries. After successful “infection”, malicious software provides the attacker with the following capabilities:

Filtration:

• Contacts
• Account data
• Call logs and call records
• Images stored on the SD card of the device
• GPS position
• SMS messages
• Installed application details, browser data
• Keylogs and clipboard data
• etc.

Backdoor Mode:

• Silent SMS sending
• Silent calls
• Run shell commands

An additional malicious feature targets instant messaging applications such as “Telegram”, “WhatsApp”, “IMO”, web browser (“Chrome”), and some other applications. Allows malware to steal internal databases from attacked applications. For example, an attack on the web browser would mean that the saved login information on other websites could be compromised as a result of the attack.

The survey shows that attackers are targeting users based in Egypt, Jordan, Morocco, Lebanon and Iran. Based on news topics that attackers used to attract victims to install malicious software, members of the United Nations Relief and Works Agency are among the possible targets of malicious software “ZooPark”.

Overall, Kaspersky Lab researchers have identified at least four generations of malware spyware related to the “ZooPark” family, which has been active since at least 2015.

© Provided by: pestaola.gr

Source: www.pestaola.gr