Malware targeting Android users through Telegram revealed | Inquirer Technology

08:45 PM May 09, 2018

Image: AFP/Kirill Kudryavtsev via AFP Relaxnews

Kaspersky Lab has released an announcement and a report on a “sophisticated cyberespionage campaign” that goes by the name ZooPark.

The malware has been targeting Android device users based in Middle Eastern countries for years and appears to be a “nation-state backed operation aimed at political organizations, activists and other targets based in the region,” according to the internet security company.

Disguised as legitimate apps, ZooPark was being distributed from news and political websites popular in the region. One of the vectors was Telegram, the popular messaging app with end-to-end encryption, which has just been banned in Iran for “being used to coordinate illegal activity,” according to the Islamic Republic News Agency.

The announcement lists the information that the malware provides the attacker, including everything from contacts to account data, GPS location, SMS messages and more. There is also a backdoor function that allows for silently sending SMS messages and making calls as well as the execution of shell commands.

Researchers at Kaspersky Lab first mistook the malware for a simple cyberespionage tool. However, upon further investigation, they discovered a recent and sophisticated version of the app, which they decided to call ZooPark. They have been able to identify at least four generations of malware related to the ZooPark family dating back to at least 2015.

“This last step is especially interesting, showing a big leap from straightforward code functionality to highly sophisticated malware,” the Kaspersky report concludes. “This suggests the latest version may have been bought from vendors of specialist surveillance tools.”

Kaspersky Lab also suggests that the attackers are focusing the malware on users based in Egypt, Jordan, Morocco, Lebanon and Iran. Kaspersky malware analyst Alexey Firsh told CyberScoop in an email that fewer than 100 targets had been observed.

“This and other clues indicates that the targets are specifically selected,” Firsh said.

The global cybersecurity company did not reveal the identities of the malware victims. They do, however, claim that their products successfully detect and block this threat. JB

TOPICS: Android, Kaspersky Lab, malware, Middle East, Telegram