New ZooPark Malware Attacks Android Device Owners via Legitimate Website Telegram

Kaspersky Lab has published a report announcing the ongoing campaign of ZooPark that executes sophisticated attacks of cyber-espionage.

The Moscow headquartered Internet security firm states that for years Android device owners have been targeted with the malware across the countries of Middle East. Also the campaign seems to be an operation receiving support of certain nation-state as it is aimed at activists as well as other targets besides political organizations working within the region.

The latest malicious program ZooPark resorts to genuine websites to spread its contamination states the multinational anti-virus and cyber-security vendor through one survey publicly released May 3, 2018.

ZooPark in the guise of legitimate applications spread from political and news portals widely visited across the region. A particular vector was the widely accessed messaging application Telegram that encrypts messages from end-to-end and that Iran has very recently banned as it was getting utilized for coordinating unlawful activities, reports Islamic Republic News Agency.

Further according to that news agency, ZooPark looks like genuine applications with names such as "Alnaharegypt news" and "TelegramGroups," attacking instant messaging apps such as WhatsApp IMO, Telegram along with Chrome the popular browser as also a few other apps. En.yabiladi.com posted this, May 9, 2018.

Security investigators from Kaspersky initially thought that the malware was some ordinary cyber-espionage program. But when they investigated deeper they found the app in one new and advanced edition that they dubbed ZooPark. Further, they even spotted no less than 4 generations of malicious software pertaining to ZooPark group of strains starting since 2015 at least.

It's indicative from the research that ZooPark perpetrators preferably target end-users in Morocco, Jordan, Egypt, Iran and Lebanon. Understanding from the news headlines which ZooPark attackers mentioned as bait for victims to load the strain, it's likely that United Nations Relief and Works Agency members are getting targeted with the particular malware. Telling CyberScoop, Alexey Firsh malware analyst at Kaspersky said the malware had attacked nearly hundred targets.

According to him, selection of the targets was very specific. The worldwide security firm without disclosing ZooPark victims' identities asserted its products effectively spotted as well as blocked the threat.

» SPAMfighter News - 5/18/2018