GuardZoo malware is being used to target military personnel from the Middle East. This ongoing surveillanceware campaign may have started as early as October 2019 and has been connected to a Houthi-aligned actor. Over 450 victims have been impacted by the malware, with the primary country of infection appearing to be Yemen. Attack chains distributing GuardZoo use WhatsApp as a distribution vector. Android apps with military and religious themes are used to entice users into downloading them, which provides the initial infection. GuardZoo allows the attacker to access photos, documents, and mapping files. It has also been used in the past to steal sensitive military documents. This indicates that the Houthi-affiliated actor using GuardZoo may be attempting to collect tactical and strategic military intelligence for Houthi operations.
Read more: https://thehackernews.com/2024/07/guardzoo-malware-targets-over-450.html