Android users hit by ZooPark malware stealing data & recording calls

May 5th, 2018 | Waqas | Malware, Security

Kaspersky Lab has discovered a new cyber-espionage campaign targeting Android users through the Telegram chat app and infected websites, with watering holes as the preferred attack vector. A watering hole is a technique in which well-known websites are infected with malware so that visitors unknowingly get their devices infected.

The main targets of this campaign are users in the Middle East and North Africa (primarily Morocco, Egypt, Lebanon, Jordan, and Iran). Researchers say that four different versions of the malware, dubbed “ZooPark,” have been identified so far. It is believed that the malware was developed between June 2015 and 2017 and that each version was more advanced than the previous one.

“From the technical point of view, the evolution of ZooPark has shown notable progress: from the very basic first and second versions, the commercial spyware fork in its third version and then to the complex spyware that is version 4,” wrote Kaspersky Lab researchers.

The most recent version identified by Kaspersky Lab can exfiltrate large amounts of data, including contact information, text messages, keylogs, call audio, GPS location and other important data from the device.

It can also capture images and screenshots and record audio and video conversations, a capability researchers call “interesting” because it shows how far the malware developers have improved the code's functionality over the years. The developers have turned it into very sophisticated malware, so it is evident that this version might have been created using “specialist surveillance tools.”

Evolution of ZooPark malware features (Credit: Kaspersky Lab)

A number of news websites were identified as having been infected by the attackers in order to redirect visitors to a download link that infects the device with malicious APKs.

Once the infection is complete, ZooPark starts stealing private and confidential data from the device, scanning not only system memory but also the data stored on the SD card. It also obtains details about installed applications, clipboard data, and browser data.

The malware developers are using Telegram channels to spread the malware. The Kaspersky report says that one of the channels used for this purpose was active between 2015 and 2016 and that the infected links it distributed were for an illegitimate app for the Iranian province of Kurdistan. Consequently, the Telegram chat app has been blocked in Iran.

The report also gives examples of various well-known Arabic news websites that were used as watering holes for the cyber-espionage campaign.

Nearly 100 targets have been detected by Kaspersky so far, according to Alexey Firsh, a malware analyst at the firm, and there are indications that the targets are specially selected. There are also hints of nation-state involvement in this campaign, Firsh states.

“More and more people use their mobile devices as a primary – or sometimes even only – communication device. That is certainly being spotted by nation-state sponsored actors, who are building their toolsets so they will be efficient enough to track mobile users.”
