Si Cyber Intel: Android-based Malware ‘ZooPark’ Targets Victims Across The Middle East
Four different variants of a malware named ZooPark have been discovered by Kaspersky Lab.
The malware, which has been active since 2015, has been directly targeting victims across the Middle East who have a political or activist aversion. To date, victims have been predominantly based in Egypt, Jordan, Morocco, Lebanon and Iran and they are targeted through their Android devices.
ZooPark disguises itself as a legitimate app appearing as popular political websites and news with recognisable and believable names such as ‘Kurdistan referendum’. Once the malware has successfully infected the victim’s device, it gives the attacker access to its users, contacts, account data, call logs and any voice recordings saved, pictures/videos, SMS messages, GPS location, installed application details and browser data (compromising the stored credentials) and clipboard data.
ZooPark uses backdoor functionality to initiate text messages and phone calls, and it can also target the users’ instant messaging apps such as WhatsApp, allowing the attacker to steal the internal databases of these apps.
How To Defend Yourself
To mitigate these types of malware, we recommend that users are aware of the following:
- Avoid installing mobile applications from unknown sources. By default, Google prevents users from installing apps from sources other than the Play Store. We recommend that you leave the installation of apps from unknown sources disabled.
- Avoid opening links received by SMS messages, WhatsApp or other applications from unknown sources
- Avoid downloading third-party applications or responding to suspicious messages
For information about Si Cyber’s malware detection and response capabilities, please contact firstname.lastname@example.org