Houthi rebels are operating their own GuardZoo spyware

July 9, 2024

When it comes to surveillance malware, sophisticated spyware with complex capabilities tends to hog the limelight – for example NSO Group’s Pegasus, which is sold to established governments. But it’s actually less polished kit that you’ve never heard of, like GuardZoo – developed and used by Houthi rebels in Yemen – that dominates the space.

This is according to Lookout principal researcher Justin Albrecht, who spoke to us about the analyst’s report, out today, revealing the existence of GuardZoo. The report says that the Dendroid RAT-based Android surveillanceware, first spotted in 2022, is still active. It has actually been on the scene since at least 2019, Lookout says. The infoseccers believe GuardZoo is linked to Houthi rebels – based on its targeting of Yemeni military members, as well as logs from GuardZoo’s C2 server, its lures, and other data points.

Read More on The Register