GuardZoo spyware used by Houthis to target military personnel
2024-07-09 12:06

Lookout discovered GuardZoo, Android spyware targeting Middle Eastern military personnel.

Based on application lures, targeting, and threat actor-controlled server locations, Lookout attributes GuardZoo to a Yemeni, Houthi-aligned threat actor.

GuardZoo is based on a commodity spyware named Dendroid RAT. As is frequently the case, the developers behind GuardZoo took an existing malware family and created a new variation with updated capabilities.

Researchers also noticed that recent GuardZoo samples have posed as religious, e-book, and military-themed apps such as "Constitution of the Armed Forces," "Limited - Commander and Staff," and "Restructuring of the New Armed Forces." When the researchers examined log entries, the discovery of exfiltrated documents belonging to military leadership solidified the conclusion that military personnel were being targeted.

"The discovery of GuardZoo is a reminder of the growing threat posed by advanced surveillanceware," said Aaron Cockerill, Executive VP of Product & Security, Lookout.

"These spyware packages can be used to collect a wide range of data from infected devices, which in the case of GuardZoo, could put military personnel and operations at risk. We urge security professionals to be aware of this threat and to take steps to protect their users, and work and personal data."


News URL

https://www.helpnetsecurity.com/2024/07/09/guardzoo-spyware-target-military-personnel/