Houthis vs Military: GuardZoo steals strategic secrets

Hundreds of fighters in the Middle East have already been hit by the new cyberweapon.

In March 2014, Symantec first discovered an Android remote access Trojan called Dendroid RAT. This malicious software was sold for $300 and offered a wide range of functions, including managing calls, accessing SMS messages, taking photos and videos, and launching HTTP attacks. In August of the same year, the complete source code of Dendroid RAT leaked online.

This month, researchers at Lookout publicly linked newly discovered malicious activity to the leaked Dendroid RAT. According to the experts, the attackers used that code as the basis for a new version of the tool, called GuardZoo.

The main targets of attacks using GuardZoo have been military personnel in the Middle East, and the researchers attribute the creation and operation of the malware to the Yemeni Houthis. GuardZoo has reportedly been in use for years, at least since October 2019. However, only now have experts collected enough information to make an educated guess about the origin of the malware and the nature of the attacks.

The Houthis took control of Yemen's capital in 2014, leading to a civil war. According to human rights organizations, Saudi Arabia's controversial intervention has, since June 2019, triggered a wave of arbitrary arrests, torture, and enforced disappearances.

The updated version of GuardZoo is distributed via WhatsApp and WhatsApp Business, as well as through direct downloads from mobile browsers. The malware supports more than 60 commands, including receiving additional payloads, uploading files and APKs, changing the command-and-control server address, and deleting itself from an infected device.

Although the GuardZoo lures were initially quite generic, they evolved over time to include military themes, with titles such as "Constitution of the Armed Forces" and "Restructuring of the New Armed Forces". In addition, the emblems of the armed forces of various Middle Eastern countries, including Yemen and Saudi Arabia, regularly appeared in such applications.

The malicious activity affected more than 450 victims, mostly military personnel from Yemen, but also from Egypt, Oman, Qatar, Saudi Arabia, Turkey and the United Arab Emirates. GuardZoo is specifically designed to steal photos, documents, and map files from victims' devices, indicating an interest in collecting tactical and strategic military information.

Since the beginning of the campaign, GuardZoo has used the same dynamic DNS domains for C2 operations, which, although they change regularly, are still registered with YemenNet. This supports the link to the Houthis, who control the north-west of Yemen. In recent years they have been actively incorporating cyber capabilities into their operations, as well as attacking cyberspace directly, as in the February incident involving an underwater cable in the Red Sea.

This incident highlights the growing importance of cybersecurity in the military and the need for greater vigilance when military personnel use mobile devices. It also demonstrates how political conflicts are increasingly being carried into the digital space, where an information advantage can be decisive.
