A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to target military personnel in the Middle East, relying on social engineering and military-themed lures to trick victims into downloading the malware. Based on a preexisting RAT (Remote Access Trojan) called Dendroid, GuardZoo grants attackers remote control over the infected device, allowing data exfiltration and potentially the installation of additional malware. The campaign remains active and has targeted users in Yemen, Saudi Arabia, Egypt, and Oman. Google has confirmed that no GuardZoo-infected apps are currently available on Google Play.

Figure: List of GuardZoo samples with dates and titles.

GuardZoo, a derivative of the leaked Dendroid RAT, uses a custom C2 backend built with ASP.NET instead of the original's PHP web panel.
Source: GBHackers