A highly advanced malware capable of stealing almost everything stored on an Android smartphone and intended for espionage has been spotted online. It has been in existence since June 2015 and was recently discovered by security firm Kaspersky Lab.
The polished malware, christened “ZooPark”, is designed to conduct specialized attacks to steal information including contacts, media, call history and messages, browser history, and even recording or initiating calls. ZooPark, as per Kaspersky Labs, appears to be meant to launch attacks on other countries for espionage.
The Android malware is equipped with a keylogger and can record anything that is typed, especially usernames and passwords. The malware also has the ability to capture screenshots and take photos using the smartphone’s camera without the owner’s notice. The attack has predominantly been deployed in the Middle East, including countries like Egypt, Lebanon, and Jordan and is supposedly used to target high-profile Android users with the intentions of political interference or stealing confidential information.
This has been proposed because despite being very complex and sophisticated, the malware has attacked fewer than a hundred victims. It appears that the victims are specially selected and the attack is launched as part of a bigger secret operation. Its covert nature has also made it difficult to be discovered by researchers.
Moreover, Kaspersky labs – without pointing fingers at any nation specifically – said that the group spreading ZooPark appears to have a solid background and experience of espionage and cyber attacks. Apparently, the group also has a lot of resources – considering the complexity of ZooPark.
Kaspersky has revealed that the malware is being spread via Telegram and indicated that it could also be used to target not only politicians but also rights activists and whistle-blowers in the regions. The attackers have also sieged many legitimate websites to spread the malware.