Houthi rebels are operating their own GuardZoo spyware

submitted by
Style Pass
2024-07-09 12:00:03

Interview When it comes to surveillance malware, sophisticated spyware with complex capabilities tends to hog the limelight – for example NSO Group's Pegasus, which is sold to established governments. But it's actually less polished kit that you've never heard of, like GuardZoo – developed and used by Houthi rebels in Yemen – that dominates the space.

This is according to Lookout principal researcher Justin Albrecht, who spoke to us about the analyst's report, out today, revealing the existence of GuardZoo. The report says that the Dendroid RAT-based Android surveillanceware, first spotted in 2022, is still active. It has actually been on the scene since at least 2019, Lookout says. The infoseccers believe GuardZoo is linked to Houthi rebels – based on its targeting of Yemeni military members, as well as logs from GuardZoo's C2 server, its lures, and other data points. 

GuardZoo is distributed via WhatsApp or direct browser downloads, and appears to rely on social engineering tricks – for example it impersonates legitimate apps and disseminates military-themed content – to con users into installing it. Along with seeing it on the devices of victims in Yemen, Lookout says it has also viewed samples of GuardZoo on hardware belonging to military staff in Saudi Arabia, Egypt, and Oman. 