Security News > 2024 > July > GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel

GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel
2024-07-09 10:05

Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo.

GuardZoo is a modified version of an Android remote access trojan named Dendroid RAT that was first discovered by Broadcom-owned Symantec in March 2014.

Originally marketed as a commodity malware for a one-off price of $300, it comes with capabilities to call a phone number, delete call logs, open web pages, record audio and calls, access SMS messages, take and upload photos and videos, and even initiate an HTTP flood attack.

"GuardZoo doesn't use the leaked PHP web panel from Dendroid RAT for Command and Control but instead uses a new C2 backend created with ASP.NET.".

Attack chains distributing GuardZoo leverage WhatsApp and WhatsApp Business as distribution vectors, with the initial infections also taking place via direct browser downloads.

"GuardZoo has been using the same dynamic DNS domains for C2 operations since October 2019," the researchers said.


News URL

https://thehackernews.com/2024/07/guardzoo-malware-targets-over-450.html