{"id":20264,"date":"2018-05-14T06:02:40","date_gmt":"2018-05-14T10:02:40","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/?p=20264"},"modified":"2020-03-26T16:36:48","modified_gmt":"2020-03-26T14:36:48","slug":"zoopark-attacks","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/zoopark-attacks\/20264\/","title":{"rendered":"How to avoid turning your smartphone into a spyware zoo"},"content":{"rendered":"<p>Sometimes even a completely innocent-looking site with a good reputation can be harmful\u00a0\u2014 criminals may find and exploit a vulnerability. For example, they can use the site for <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/drive-by-attack\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">drive-by attacks<\/a>, causing each visitor to download a file automatically (and unwittingly) as soon as they get to the site. For example, Android users interested in current events in the Middle East are at risk of getting a whole menagerie \u2014 ZooPark spyware \u2014 on their phones.<\/p>\n<p>Kaspersky Lab has been following this malware since 2015, and it has learned a plethora of new tricks since then. The current, fourth version of this Trojan can steal almost any information from your smartphone, from contacts to call logs and info you enter by keyboard. Here is the list of data that ZooPark can collect and send to its owners:<\/p>\n<ul>\n<li>Contacts<\/li>\n<li>User account information<\/li>\n<li>Call history<\/li>\n<li>Call audio recordings<\/li>\n<li>Text messages<\/li>\n<li>Bookmarks and browser history<\/li>\n<li>Browser search history<\/li>\n<li>Device location<\/li>\n<li>Device information<\/li>\n<li>Information on installed apps<\/li>\n<li>Any files from the memory card<\/li>\n<li>Documents stored on the device<\/li>\n<li>Information entered using the on-screen keyboard<\/li>\n<li>Clipboard information<\/li>\n<li>App-stored data (for example, data from messaging apps such as Telegram, WhatsApp, and imo, or the Chrome browser)<\/li>\n<\/ul>\n<p>In addition, ZooPark can take screenshots and photos, and record videos on command. For example, it can take a picture of the phone\u2019s owner from the front camera and send it to its command center.<\/p>\n<h3>Malware beasts and where to find them<\/h3>\n<p>ZooPark <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/trojan\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Trojan<\/a> spyware is used for targeted attacks \u2014 in other words, it\u2019s not sent out randomly to ensnare just anyone; it aims for a specific audience. As we said, the criminals behind ZooPark target those who are interested in specific topics\u00a0\u2014 in this case, Middle Eastern politics.<\/p>\n<p>ZooPark spreads by two main channels: drive-by downloads and Telegram. In the latter case, for example, criminals offered an app on the Telegram channel for voting on the Kurdistan independence referendum.<\/p>\n<p>Malefactors also hack some Web resources that are popular in certain countries or circles, making visitors automatically download an infected app that looks like something useful \u2014 for example, an official app for the news resource. Finally, in some cases, the malware pretends to be an \u201call-in-one\u201d messenger. For more details about the technical aspects of ZooPark, see the <a href=\"https:\/\/securelist.com\/whos-who-in-the-zoo\/85394\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">post on Securelist<\/a>.<\/p>\n<h3>Don\u2019t buy a zoo<\/h3>\n<p>To avoid falling prey to this kind of dangerous spyware, remember a few important rules that will help make your virtual life safer:<\/p>\n<ul>\n<li>Download apps only from trusted sources. Even better, use your device settings to disable the ability to install programs from third-party stores.<\/li>\n<li>Update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.<\/li>\n<li>Use <a href=\"https:\/\/www.kaspersky.co.za\/mobile-security?icid=en-za_kdailyplacehold_acq_ona_smm__onl_b2c_kdaily_wpplaceholder_sm-team___kisa____f1e79fd4d11f58d1\" target=\"_blank\" rel=\"noopener\">mobile antivirus software<\/a> to block suspicious links and apps. Kaspersky Internet Security for Android detects and neutralizes ZooPark.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kisa-generic\">\n","protected":false},"excerpt":{"rendered":"<p>Do you follow the news? The news may also be following you. ZooPark spyware targets those partial to politics.<\/p>\n","protected":false},"author":2484,"featured_media":20265,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2670],"tags":[105,181,1450,97,45,422,723],"class_list":{"0":"post-20264","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-android","10":"tag-mobile-apps","11":"tag-politics","12":"tag-security-2","13":"tag-smartphones","14":"tag-threats","15":"tag-trojans"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/zoopark-attacks\/20264\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/zoopark-attacks\/13308\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/zoopark-attacks\/11105\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/zoopark-attacks\/15376\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/zoopark-attacks\/13651\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/zoopark-attacks\/12962\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/zoopark-attacks\/16141\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/zoopark-attacks\/15722\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/zoopark-attacks\/20537\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/zoopark-attacks\/4931\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/zoopark-attacks\/22389\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/zoopark-attacks\/10526\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/zoopark-attacks\/10346\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/zoopark-attacks\/16704\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/zoopark-attacks\/20364\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/zoopark-attacks\/20268\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/android\/","name":"Android"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/20264","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/2484"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=20264"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/20264\/revisions"}],"predecessor-version":[{"id":26978,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/20264\/revisions\/26978"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/20265"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=20264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=20264"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=20264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}