Zimperium Blog

In our previous article, we explored how cloud misconfigurations and poor cryptographic practices in mobile apps can expose enterprise data. However, the risks don't stop there. Our research has uncovered equally concerning issues with how mobile apps handle data locally on devices and transmit information to remote servers.

On February 12, Cyble reported the discovery of a new variant of the BTMOB spyware, named BTMOB RAT v2.5. This malicious software is being distributed through deceptive phishing sites impersonating popular streaming services like iNat TV and fraudulent cryptocurrency mining platforms.

A recent report by Cleafy uncovered SuperCardX, a sophisticated Malware-as-a-Service (MaaS) operation used for conducting NFC relay fraud.

Following ThreatFabric’s publication on Crocodilus, a sophisticated Android banking trojan, our zLabs team conducted a deeper investigation into its broader ecosystem.

Following ThreatFabric’s publication on Crocodilus, a sophisticated Android banking trojan, our zLabs team conducted a deeper investigation into its broader ecosystem.

Third-party applications deployed within an enterprise environment can inadvertently act as gateways for attackers if not properly vetted before implementation. These applications, while essential to enterprise operations, pose unique security challenges when their vulnerabilities are overlooked or security assessments are neglected during the procurement and deployment process.

A recent report by McAfee disclosed a new Android malware campaign leveraging the .NET MAUI cross-platform framework to evade detection.

Our zLabs team dives into why rooting and jailbreaking is a significant threat for enterprises and much more.