Lookout Discovers Android Surveillanceware Targeting Middle Eastern Military Personnel

Lookout Discovers Houthi-Deployed Android Surveillanceware Targeting Middle Eastern Military Forces

Lookout, Inc., a leading data-centric cloud security company, has recently uncovered a sophisticated Android surveillanceware campaign that specifically targets military personnel in various Middle Eastern countries. Known as GuardZoo, this malicious campaign utilizes deceptive apps with military and religious themes to dupe victims through social engineering on their mobile devices.

Lookout's analysis identified more than 450 victim IP addresses, predominantly located in countries such as Yemen, Saudi Arabia, Egypt, Oman, the United Arab Emirates (UAE), Qatar, and Turkey. Based on the application lures, targeting strategies, and the location of threat actor-controlled servers, Lookout has attributed GuardZoo to a Yemeni threat actor with ties to the Houthi militia. It is worth noting that the U.S. government recently classified the Houthi militia as a Specially Designated Global Terrorist group.

Here are some key highlights from the discovery of GuardZoo:

– GuardZoo appears to be distributed through social engineering over popular platforms like WhatsApp, WhatsApp Business, and mobile browsers.
– GuardZoo is designed to collect a wide array of sensitive data from infected devices, including photos, documents, location data, saved GPS routes, device model numbers, mobile carrier information, and Wi-Fi configurations.
– The majority of the victims targeted by GuardZoo are believed to be located in Yemen, with a significant portion identified as members of pro-Hadi forces.

GuardZoo is based on Dendroid RAT, a well-known surveillanceware tool that Lookout protects its customers against. The actors behind GuardZoo have extended its capabilities so that the malware can serve as a conduit for additional malicious downloads onto infected devices, potentially escalating the threat posed to victims.

In their examination of GuardZoo samples, Lookout researchers have observed that the malicious apps impersonate religious, e-book, and military-themed applications like Constitution of the Armed Forces, Limited – Commander and Staff, and Restructuring of the New Armed Forces. Log entries indicate a clear focus on military personnel, evidenced by the exfiltration of sensitive documents belonging to military leadership.

Aaron Cockerill, Lookout’s Executive Vice President of Product & Security, emphasized the significance of GuardZoo’s discovery, highlighting the serious risks posed by advanced surveillanceware. Cockerill urged security professionals to remain vigilant and take proactive steps to safeguard their organizations and users against such threats.

To protect against GuardZoo and similar surveillanceware, Lookout recommends the following steps:

– Keep operating systems and apps up to date to mitigate security vulnerabilities.
– Only download apps from trusted sources like Google Play and report any suspicious requests for app installations.
– Review app permissions carefully to prevent unauthorized data access.
– Consider implementing a mobile security solution like Lookout to bolster defense against malicious threats.

GuardZoo underscores the evolving landscape of mobile threats and the critical importance of robust cybersecurity measures. By leveraging advanced technologies and threat intelligence, Lookout continues to provide unmatched protection for organizations and individuals against a range of mobile security risks.

Advait Gupta
Advait is our expert writer and manager for the Artificial Intelligence category. His passion for AI research and its advancements drives him to deliver in-depth articles that explore the frontiers of this rapidly evolving field. Advait's articles delve into the latest breakthroughs, trends, and ethical considerations, keeping readers at the forefront of AI knowledge.
