Android-based espionage spreading through legitimate websites


Kaspersky Lab researchers have discovered ZooPark, a sophisticated cyber espionage campaign that has been active for several years. Its main targets have been Android devices based in Middle Eastern countries.

When the researchers first spotted the malware, it seemed to be a technically very simple and straightforward Android cyberespionage tool. Once they started investigating, they found a far more complex, recent and sophisticated version of the earlier app. They named it ZooPark.

The malware is being distributed through legitimate websites, such as popular news and political websites. Once a device is infected, the malware gives the attacker full control of it.

With this access, attackers can view contacts and account data, see call logs and record audio of calls, access pictures stored on the device's SD card, track the current location, and read SMS messages, application details, browser data, keylogs and clipboard data.

In addition to the above, they can use the device to send SMS messages, make calls and execute shell commands without the user's knowledge.

The ZooPark malware targets messaging applications such as Telegram, WhatsApp and IMO, the Chrome web browser, and some other applications.

The attackers are mainly focusing on users based in Egypt, Jordan, Morocco, Lebanon and Iran, and on members of the United Nations Relief and Works Agency.

“More and more people use their mobile devices as their primary or sometimes even only communication device. And that is certainly being spotted by nation-state sponsored actors, who are building their toolsets so they will be efficient enough to track mobile users. The ZooPark APT, actively spying on targets in Middle Eastern countries, is one such example, but it is certainly not the only one,” said Alexey Firsh, a security expert at Kaspersky Lab.

Kaspersky Lab researchers have been able to identify and block four generations of the espionage malware related to the ZooPark family.

All Kaspersky Lab products are free from this threat.
