Dubbed ZooPark, the sophisticated attack discovered by Kaspersky Lab has primarily been used on targets in the Middle East for the past three years. Alexey Firsh, a security expert at the embattled cybersecurity firm, told the Daily Dot that there have been several dozen victims, “up to 100” based on internal statistics and sinkhole server data. The low number suggests the attack targets select users and may be backed by a nation-state.
Most concerning is how the malware has evolved over the years. In its earliest stage, it would mimic the Telegram application and only steal contacts from an address book and accounts registered on the device. A second version expanded its functionality with spying features for GPS location, SMS messages, call logs, and some other general information. Another update improved the malware by allowing it to steal audio recordings of phone calls, browser data including bookmarks and history, information on installed apps, and photos from memory cards.
The latest improvements can steal search history, clipboard data, and keylogs. Given the huge jump in advancement from the third version, Kaspersky believes the newest update was made using commercial spyware purchased from vendors of specialist surveillance tools.
“This malware is an example of mobile spyware that is able to remotely control a device and to steal almost all confidential information from it,” Firsh said.
The attack was spread through two different pipelines: the Telegram instant messaging app and watering holes. In a watering hole attack, bad actors target a specific group of users by infecting a website they are known to visit frequently. According to Kaspersky, the Al-Nahar news site, the 19th most popular website in Egypt, and its sister site in Lebanon were exploited to distribute the malware. French fashion site Showroom Montorgueil was also found hosting the malicious code.
The malware has been most active in Egypt, Jordan, Morocco, Lebanon, and Iran. Current evidence suggests it targeted individuals voting for a 2017 independence referendum in Kurdistan, along with other high-profile groups like the United Nations Relief and Works Agency for Palestine Refugees in the Near East.
Firsh says this particular threat is mostly contained within a specific geographical region, but Android users should still be concerned about their privacy, given the increasing number of attacks targeting the operating system. The ZooPark malware is still active. Kaspersky did not notify Google of the attack because the malware was not found in the official Google Play app store.
“In general, Android users should only download apps from the official Google Play store, to lessen the threat of downloading a malicious application,” Firsh noted. “Even when downloading from official stores, always double-check the name of the application and creator and be cautious of those that you are unfamiliar with. Finally, consider installing an antivirus solution on your Android device, which can protect against advanced threats like ZooPark.”
Google did not respond to our request for comment.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.