Updated Version of ZooPark App Steals Data from Android Devices

Posted: June 10, 2018

Cybersecurity company Kaspersky warns that a well-known malware attacking Android devices has returned with an updated and even more powerful version. Called ZooPark, the malicious app has been threatening mobile devices since the middle of 2015, yet now researchers claim it has been equipped with additional capabilities to harm users.

In an in-depth analysis of ZooPark published at the beginning of last month, Kaspersky's experts describe in detail all the features and abilities of the malware's fourth generation, stating that it facilitates cyber espionage campaigns targeting mostly countries in the Middle East region. Accordingly, most of the known victims have been located in Morocco, Iran, Egypt, Lebanon, and Jordan. As for the distribution vectors, ZooPark usually spreads through Telegram channels and hacked websites, where users are redirected to links hosting malicious APKs. The attacks exploit themes like "TelegramGroups," "Kurdistan Referendum," and "Alnaharegypt news." Just like most other types of malware targeting Android devices, ZooPark requires manual installation of the malicious file by the user, which means that users could easily avoid the infection by simply rejecting APK files coming from untrusted publishers.

Once installed on a device, however, the latest version of ZooPark can cause serious harm, as it has the necessary functionality to extract data and to open backdoors for additional malware threats to sneak in. In fact, Kaspersky claims that the fourth version of ZooPark can do virtually anything related to spying on the users of compromised devices: it is capable of collecting information on contacts, GPS location, call logs, accounts, text messages, etc. Furthermore, the malware can analyze the history of the installed Internet browsers, as well as get access to the user's photos, clipboard data, videos and audio files, and installed applications. Taking screenshots and sending them to its author, as well as receiving and executing power shell commands, are also among ZooPark's capabilities. Apart from that, the sophisticated threat can also make phone calls and send SMS messages on behalf of the infected phone's owner.

Kaspersky says it is possible that ZooPark was initially developed by a state-supported actor. However, the researchers suspect that the latest version of the malware has been put into action by vendors of specialist surveillance tools. The market for such cyber espionage applications is growing fast, and these tools are becoming very popular among governments, particularly in the Middle East. Yet the report published by Kaspersky does not explicitly attribute the attacks to any known hacking group or individual actor.
