# Who’s who in the Zoo

## Cyberespionage operation targets Android users in the Middle East

###### By Alexey Firsh on May 3, 2018. 10:00 am

ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind the operation infect Android devices using several generations of malware, with the attackers including new features in each iteration. We label them from v1-v4, with v4 being the most recent version deployed in 2017.

From the technical point of view, the evolution of ZooPark has shown notable progress: from the very basic first and second versions, through the commercial spyware fork in its third version, to the complex spyware that is version 4. This last step is especially interesting, showing a big leap from straightforward code functionality to highly sophisticated malware.

hacked by the attackers to redirect visitors to a downloading site that serves malicious APKs. Some of the themes observed in the campaign include “Kurdistan referendum”, “TelegramGroups” and “Alnaharegypt news”, among others.

The target profile has evolved during the last years of the campaign, focusing on victims in Egypt, Jordan, Morocco, Lebanon and Iran.
If you would like to learn more about our intelligence reports or request more information on a specific report, contact us at: intelreports@kaspersky.com.