ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > List all tools > List all groups using tool ZooPark

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: ZooPark

TypeBackdoor, Info stealer, Credential stealer, Exfiltration
Description(Kaspersky) Kaspersky Lab has been following this malware since 2015, and it has learned a plethora of new tricks since then. The current, fourth version of this Trojan can steal almost any information from your smartphone, from contacts to call logs and info you enter by keyboard. Here is the list of data that ZooPark can collect and send to its owners:

• Contacts
• User account information
• Call history
• Call audio recordings
• Text messages
• Bookmarks and browser history
• Browser search history
• Device location
• Device information
• Information on installed apps
• Any files from the memory card
• Documents stored on the device
• Information entered using the on-screen keyboard
• Clipboard information
• App-stored data (for example, data from messaging apps such as Telegram, WhatsApp, and imo, or the Chrome browser)

In addition, ZooPark can take screenshots and photos, and record videos on command. For example, it can take a picture of the phone’s owner from the front camera and send it to its command center.

Last change to this tool card: 13 May 2020

Download this tool card in JSON format

All groups using tool ZooPark


APT groups


1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]