Lookout Discovers Houthi-Deployed Android Surveillanceware Targeting Middle Eastern Military Forces
09 July 2024 - 5:00AM
Business Wire
Lookout Attributes GuardZoo to Yemen’s Houthi
Militia, a Global Terrorist Organization
Lookout, Inc., the data-centric cloud security company, today
announced the discovery of Android surveillanceware that is
actively targeting military personnel in Middle Eastern countries.
Dubbed GuardZoo by Lookout, this campaign leverages malicious apps
with military and religious themes to lure victims via social
engineering on mobile devices. While Lookout is still actively
analyzing data, thus far it has seen more than 450 IP addresses
belonging to victims primarily located in Yemen, Saudi Arabia,
Egypt, Oman, the United Arab Emirates (UAE), Qatar and Turkey.
Based on application lures, targeting and threat actor-controlled
server locations, Lookout attributes GuardZoo to a Yemeni,
Houthi-aligned threat actor. In January 2024, the U.S. government
re-designated the Houthi militia as a Specially Designated Global
Terrorist group.
Threat Discovery Highlights:
- Distribution appears to occur via social engineering in
WhatsApp, WhatsApp Business, and mobile browsers.
- GuardZoo collects data such as photos, documents, location
data, saved GPS routes and tracks, device model number, mobile
carrier and Wi-Fi configuration from infected devices.
- Most of the victims appear to be in Yemen. Based on findings,
researchers believe that many are members of Pro-Hadi forces.
GuardZoo is based on a commodity spyware named Dendroid RAT,
which Lookout protects its customers against. As is frequently the
case, the developers behind GuardZoo took an existing malware
family and created a new variation of it with updated capabilities.
In this case, one interesting capability is that GuardZoo can act
as a conduit between the threat actor and the victim’s device
allowing the threat actor to download additional malware to the
infected device. This could introduce additional invasive
capabilities that would benefit the threat actor.
Researchers also noticed that recent samples of GuardZoo pose as
religious, e-book, and military-themed apps such as “Constitution
of the Armed Forces,” “Limited - Commander and Staff” and
“Restructuring of the New Armed Forces.” Log entries solidified
the conclusion that military personnel are being targeted: they
revealed exfiltrated documents belonging to military leadership.
For example, one document’s title translated to “Very
Confidential, Republic of Yemen, Ministry of Defense, Chief of the
General Staff, War Operations Department, Insurance Division.”
“The discovery of GuardZoo is a reminder of the growing threat
posed by advanced surveillanceware,” said Aaron Cockerill,
Executive Vice President of Product & Security, Lookout. “These
spyware packages can be used to collect a wide range of data from
infected devices, which in the case of GuardZoo, could put military
personnel and operations at risk. We urge security professionals to
be aware of this threat and to take steps to protect their users,
and work and personal data.”
To protect both business and personal Android devices from
GuardZoo and other surveillanceware, Lookout recommends the
following basic steps that anyone can take.
- Keep your operating system and apps up to date, as most updates
nowadays are related to security patches.
- Only install apps from Google Play, not third-party sources. If
you receive a message asking you to install an app from a website,
immediately block the number and report the incident to your IT or
Security team.
- Be mindful of the permissions that mobile apps ask for. Overly
invasive permissions, even from legitimate apps, could create data
risk for your organization.
- Implement a mobile security solution, like Lookout, that can
detect and protect against malware and keep your organization
safe.
Lookout Threat Lab researchers actively track spyware such as
GuardZoo and provide coverage to Lookout Mobile Endpoint Security customers. The
Lookout Security Cloud uses AI to analyze mobile data by leveraging
machine learning algorithms and analyzing telemetry obtained from
more than 325 million apps, 220 million devices and 450 million
sites. With the world's largest dataset of mobile security
information, Lookout can identify complex patterns and behaviors in
real time that indicate risk, providing unparalleled protection for
mobile devices. Lookout secures customers against phishing, app,
device, and network threats in a manner that respects user
privacy.
To learn more about GuardZoo, read the Lookout Threat Lab
blog.
Additional Resources:
- Learn more about the Lookout Mobile Endpoint Security and the
Lookout Threat Lab.
- Sign up for a complimentary Data Risk Assessment.
- Listen and subscribe to Security Soapbox, the Lookout podcast
covering privacy, security, and everything in between.
About Lookout
Lookout, Inc. is the data-centric cloud security company that
uses a defense-in-depth strategy to address the different stages of
a modern cybersecurity attack. Data is at the core of every
organization, and our approach to cybersecurity is designed to
protect that data within today’s evolving threat landscape no
matter where or how it moves. People — and human behavior — are
central to the challenge of protecting data, which is why
organizations need total visibility into threats in real time. The
Lookout Cloud Security Platform is purpose-built to stop modern
breaches as swiftly as they unfold, from the first phishing text to
the final cloud data extraction. We are trusted by enterprises and
government agencies of all sizes to protect the sensitive data they
care about most, enabling them to work and connect freely and
securely. To learn more, visit www.lookout.com and follow Lookout
on our blog, LinkedIn and X.
© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®,
LOOKOUT with Shield Design® and the Lookout
multi-color/multi-shaded Wingspan Design® are registered trademarks
of Lookout, Inc. in the United States and other countries. DAY OF
SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are
registered trademarks of Lookout, Inc. in the United States.
Lookout, Inc. maintains common law trademark rights in EVERYTHING
IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield
Design.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240709949461/en/
Lookout PR: press@lookout.com