Kaspersky Lab Discovers ZooPark, an Android-based Malware Campaign (May 3, 2018)
A previously unknown Advanced Persistent Threat, dubbed “ZooPark,” has been identified targeting Android users in Middle Eastern countries, according to Kaspersky Lab researchers. The group was discovered when Kaspersky Lab received a sample of an unknown Android malware. Further research into this malware led to the discovery of a recent version of the malware contained in the same application as the initial sample. The malicious applications impersonate legitimate applications with names such as “TelegramGroups” and “Alnaharegypt news,” among others that are relevant in some targeted countries. The ZooPark malware is distributed on news and political websites and is capable of stealing various forms of data as well as executing shell commands.
Recommendation: Android users should obtain software only from the Google Play Store and avoid installing software from unverified sources, because it is easier for malicious applications to get into third-party stores. Applications that ask for additional permissions outside of their normal functionality should be treated with suspicion, and normal functionality for the applications should be reviewed carefully prior to installation. Antivirus applications, if available, should be deployed on devices, particularly those that could contain sensitive information.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.