Android users hit by ZooPark malware stealing data & recording calls [source: hackread]
by CIRT Team
Kaspersky Lab has discovered a new cyber-espionage campaign that targets Android users via the Telegram chat app and infected websites, with watering holes as the preferred attack vector. A watering hole attack is a technique in which well-known websites are infected with malware so that visitors unknowingly get their devices infected.
The main targets of this campaign are users in the Middle East and North Africa (primarily Morocco, Egypt, Lebanon, Jordan, and Iran). Researchers claim that four different versions of the malware, dubbed “ZooPark,” have been identified so far. It is believed that the malware was developed between June 2015 and 2017 and that each version was more advanced than the previous one.
“From the technical point of view, the evolution of ZooPark has shown notable progress: from the very basic first and second versions, the commercial spyware fork in its third version and then to the complex spyware that is version 4,” wrote Kaspersky Lab researchers.
The most recent version identified by Kaspersky Lab can exfiltrate vast reserves of data from the device, including contact information, text messages, keylogs, call audio, GPS location and other important data.
It can also capture images and screenshots and record audio/video conversations, which researchers describe as an “interesting” capability because it shows the extent to which the malware developers have improved the code's functionality over the years. They have managed to transform it into a very sophisticated piece of malware, so it is evident that this version might have been created using “specialist surveillance tools.”
A number of news websites have been identified as infected by the hackers so as to redirect visitors to a download link that infects the device with malicious APKs.
After the infection process is successfully completed, ZooPark starts stealing private and confidential data from the device, for which it scans not only system memory but also the data stored on the SD card. It also obtains details about installed applications, clipboard data, and browser data.