Houthi rebels are operating their own GuardZoo spyware

July 9, 2024 at 07:07AM

Surveillance malware like NSO Group’s Pegasus often gets the attention, but less sophisticated tools like GuardZoo, used by Houthi rebels in Yemen, are still prevalent. Distributed through social engineering, it targets military members in Yemen and other countries. Despite being less advanced than Pegasus, its widespread use presents a significant threat.

GuardZoo is an Android surveillanceware built on a roughly decade-old remote access trojan (RAT), developed and operated by Houthi rebels, and it has been actively targeting military members in Yemen. It is distributed through social engineering rather than exploits: the operators impersonate legitimate apps and circulate military-themed lures over WhatsApp or as direct browser downloads, so the victim installs the app themselves. The analysis also found GuardZoo on devices belonging to military staff in Saudi Arabia, Egypt, and Oman.

Once installed, GuardZoo can update itself stealthily by fetching and loading additional .dex files at runtime, which lets the operators add or change functionality without shipping a new APK through the original install channel. It steals photos, documents, and device and configuration data. While it is not as advanced as government-sponsored malware like Pegasus, it offers broadly similar collection capabilities and relies on tricking users into installation rather than exploiting obscure vulnerabilities with zero-click attacks.
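The runtime .dex loading described above leaves a static footprint: an app that loads code dynamically must reference Android's loader classes, and those type descriptors are stored as plain MUTF-8 strings in the DEX string table. The following Python triage script is an added example written for this page; it is not GuardZoo's code and not taken from the original article. It opens an APK (a ZIP archive), scans every classes*.dex for the loader descriptors, and reports hits. The sample APKs it checks are constructed in the script with placeholder DEX content rather than real compiled bytecode, and the descriptor list is an assumption about which APIs matter, not an indicator list published for GuardZoo. Legitimate plugin and hot-patch frameworks use the same APIs, so a hit marks an app for closer review, not a verdict.

```python
import io
import zipfile

# Type descriptors that appear verbatim in a DEX string table when an app
# references Android's dynamic code loading classes. Loading extra .dex
# files at runtime is the self-update mechanism the article attributes to
# GuardZoo; it is also used by legitimate plugin/hot-patch frameworks, so a
# hit is a triage signal, not a verdict. (Assumed set, not a GuardZoo IOC list.)
DYNAMIC_LOAD_DESCRIPTORS = (
    b"Ldalvik/system/DexClassLoader;",
    b"Ldalvik/system/InMemoryDexClassLoader;",
    b"Ldalvik/system/DexFile;",
)


def dex_loader_indicators(apk_bytes: bytes) -> dict[str, list[str]]:
    """Return {dex_member_name: [matched descriptors]} for every classes*.dex
    inside the APK. An APK is a ZIP archive, and descriptors are stored as
    MUTF-8 in the DEX string_data section, so a byte search is sufficient."""
    hits: dict[str, list[str]] = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if not (name.startswith("classes") and name.endswith(".dex")):
                continue
            data = apk.read(name)
            matched = [d.decode() for d in DYNAMIC_LOAD_DESCRIPTORS if d in data]
            if matched:
                hits[name] = matched
    return hits


def build_sample_apk(dex_payload: bytes) -> bytes:
    """Construct a minimal APK-shaped ZIP with one classes.dex so the check
    can run offline. The DEX body is a constructed stand-in that only carries
    the string table entries we care about; it is not a valid compiled DEX."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<placeholder/>")
        z.writestr("classes.dex", dex_payload)
    return buf.getvalue()


# Constructed samples: one app that references DexClassLoader, one that does not.
SUSPECT_APK = build_sample_apk(
    b"dex\n035\x00" + b"\x00" * 32
    + b"Ldalvik/system/DexClassLoader;\x00Lcom/example/Updater;\x00"
)
BENIGN_APK = build_sample_apk(
    b"dex\n035\x00" + b"\x00" * 32 + b"Lcom/example/MainActivity;\x00"
)

if __name__ == "__main__":
    for label, apk in (("suspect", SUSPECT_APK), ("benign", BENIGN_APK)):
        print(label, dex_loader_indicators(apk) or "no dynamic-loading indicators")
```

To run this against a real sample, read the APK from disk and pass the bytes to dex_loader_indicators; an app that sideloads over WhatsApp, requests storage permissions and also references DexClassLoader is worth pulling apart further, since the code that matters may only arrive after install.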

The discussion emphasized that while GuardZoo may not pose a direct threat to, say, an enterprise IT company in the American Midwest, it is indicative of a broader trend: more governments and state-backed groups are developing and deploying their own surveillanceware, and similar tools in the hands of better-resourced, more ambitious state-backed cyber groups are the larger concern.

In summary, the key takeaways are the active presence and capabilities of GuardZoo, the rise of app-based surveillance malware operated by state-backed cyber groups, and the importance of remaining vigilant and proactive in response to such threats.
