Maps

Prevent Mobile Bot Abuse: A Guide for App Security Teams

Learn how to protect your mobile app from sophisticated bot attacks with effective in-app security measures that detect and prevent various bot tactics in real-time.

How App Attestation Stops API Abuse in Mobile Apps

Prevent API abuse in mobile apps with Zimperium's zDefend, ensuring secure, genuine app communications through robust app attestation and runtime protection. Summary: The blog discusses how mobile APIs are vulnerable to abuse through methods like emulators and replay attacks. App attestation is crucial for ensuring that API requests are authentic and come from untampered apps on trusted devices. Zimperium's zDefend SDK enhances app attestation by preventing tampering, blocking emulators, stopping replay attacks, and providing robust key protection. This ensures secure communications between the mobile app and its backend servers.

Extended Rapid Response: Zimperium Expands Detection of PlayPraetors Android RAT Campaign with Additional Samples and Targets

Zimperium expands detection of PlayPraetors Android RAT campaign—targeting 11K+ devices via fake Play Stores, overlays, and real-time fraud.

The Critical Role of Supply Chain Resilience in Today's Digital Landscape

Businesses must recognize that operational resilience extends beyond cybersecurity; it encompasses the entire supply chain, ensuring that even routine updates do not disrupt operations.

How Application Shielding Fits into the DevSecOps Framework 

What is a DevSecOps framework and why is it important?

Banks Admit Cybersecurity is the Biggest Threat. Now What?

In JPMorgan Chase's 2018 annual report, CEO Jamie Dimon states the following in a widely read letter to shareholders: “The threat of cybersecurity may

Now Available: Integrate Mobile App Scans into CI/CD Pipeline Using GitHub Actions

These days developers are incentivized to build mobile app features faster than ever, which frequently leads to releasing vulnerable code. Mobile

Debunking Five Myths About Mobile Security

Zimperium identifies and debunks the top five myths about mobile security and explains how to safeguard your enterprise with clarity and confidence.

ISM’s Guidelines for Enterprise Mobility

In this blog, we will analyze the ISM’s mobile controls, explore the risks they aim to mitigate, and outline practical approaches for addressing each control.

Zimperium Detects New Android Spyware Targeting South Korea

Security researchers at Cyble have uncovered a new Android spyware campaign primarily targeting individuals in South Korea. This sophisticated malware, masquerading as legitimate applications, poses a significant threat to user privacy and data security.

Zimperium Mobile Threat Defense (MTD) Achieves IRAP PROTECTED Status

Zimperium has achieved the Australian Government security status of PROTECTED after successfully completing an assessment performed by the Information Security Registered Assessors Program (IRAP) for its sovereign-hosted Mobile Threat Defense (MTD) solution.

A Network of Harm: Gigabud Threat and Its Associates

This article will focus on the Phishing Chronology. Analyzing 88014 phishing URLs collected from public sources and Zimperium data, we will show how dynamic and fast-evolving phishing threats are.

Unmasking SpyAgent: Zimperium’s Zero-Day Defense Against Cryptocurrency Theft

Zimperium’s Zero-Day defense against a sophisticated Android malware campaign involving SpyAgent, a spyware strain designed to steal cryptocurrency credentials.

Preventing Infections of N-Day Exploits Delivered via Malicious Websites

State-backed attackers and commercial surveillance vendors are repeatedly using N-day exploits to target known vulnerabilities in devices.

Safeguarding Financial Data: Essential Cybersecurity Practices for Mobile Banking

Mobile app developers committed to upholding the highest security standards are faced with several considerations when developing and maintaining banking apps. Learn more.

Zimperium Welcomes Shashank Pathak to Our Go-to-Market Team in India

As we continue to strengthen our presence in India and South Asia, we are excited to announce the appointment of Shashank Pathak to our Go-to-Market team.

DAST Best Practices for Mobile Developers

This blog post will guide you through the essential best practices for integrating DAST into your mobile development process.

Deep Dive into Phishing Chronology: Threats and Trends 

This article will focus on the Phishing Chronology. Analyzing 88014 phishing URLs collected from public sources and Zimperium data, we will show how dynamic and fast-evolving phishing threats are.

Dynamic Application Security Testing vs. Static Application Security Testing

Learn the top 7 source code obfuscation techniques.

Securing Agency Devices: The Critical Need for Mobile App Vetting

This blog will explore the various types of risky apps and the concerns they pose, emphasizing the need for stringent mobile app vetting processes.

Integrating DAST in the Development Cycle

Learn the top 7 source code obfuscation techniques.

BlankBot: A New Android Banking Trojan Cannot Evade on Device Machine Learning Protection

Learn the top 7 source code obfuscation techniques.

Top 7 Source Code Obfuscation Techniques

Learn the top 7 source code obfuscation techniques.

Unmasking the SMS Stealer: Targeting Several Countries with Deceptive Apps

In this blog post, we will dive into a large-scale, Android-targeted SMS stealer campaign that our zLabs team discovered and has tracked since February 2022

Leveraging Zimperium’s Zero-Day Detection to Combat OilAlpha’s Remote Access Trojans

The recent incidents involving the pro-Houthi group OilAlpha, which targeted humanitarian organizations in Yemen, underscore the critical need for effective protection against RATs.

Phishing Campaigns and Rafel RAT: A Dangerous Duo

Among the myriad of tools employed in malicious activities, Remote Access Trojans (RATs) stand out for their ability to provide attackers with unfettered access to compromised systems.

Understanding Rafel RAT and Its Role in Mobile Ransomware Attacks

Rafel RAT is a type of malware that allows attackers to gain complete control over a victim's mobile device. Once installed, Rafel RAT can perform a

Beyond the App Store: The Hidden Risks of Sideloading Apps

Application sideloading opens the door to significant security vulnerabilities, increasing the attack surface users are exposed to.

Emerging Trends of Binary Analysis

In this blog, Zimperium shares details about the mobile-targeted malware campaign named Operation Celestial Force, attributed to threat actors linked to Pakistan. Read the blog for more.

The Crucial Need for Mobile Security in Retail Point of Sale Systems

In this blog, Zimperium explores the key elements that constitute a strong application security posture, underlining its critical role in developing and maintaining secure, compliant and trustworthy mobile applications for users worldwide.

The Multifaceted Threat Landscape of Mobile Security

In this blog, Zimperium shares how the multifaceted threat landscape of mobile security expands beyond the SS7 protocol.

Building a Robust Foundation: How to Build a Strong Application Security Posture

In this blog, Zimperium explores the key elements that constitute a strong application security posture, underlining its critical role in developing and maintaining secure, compliant and trustworthy mobile applications for users worldwide.

White-Box Cryptography: The Key to Safeguarding Sensitive Data in Mobile Applications

Cryptography is routinely used to ensure data integrity and confidentiality. Yet, cryptographic protection is only as strong as the security of the used cryptographic keys.

Every Industry's Battle: The Threat of Mobile Malware on the Enterprise

Our research also shows that the 29 malware families we highlighted in the Heist report also target 478 non-banking mobile applications across 32 categories. 

Patching High Impact Vulnerabilities: A Retrospective on WebP CVE

In this blog, we delve into the multifaceted challenges of updating software safely and efficiently, particularly when high-impact vulnerabilities are at stake.

Your new car may be safer and smarter, but is it cyber-secure?

The auto industry reached an important milestone in 2020: more than half of the cars sold globally included internet connectivity as a standard feature.

More Malware May be Exposed to iOS Devices Because of Supreme Court Ruling

According to The Wall Street Journal’s article Apple Loses Bid to End App Antitrust Case in Supreme Court, “Consumers can sue Apple Inc. for forcing them

You May Want to Hold off on Saying “Cheese” for FaceApp

The latest security and privacy hysteria involving apps is “FaceApp”, which may or may not upload all of your photos to a server owned by a Russian

Mobile Endpoint Security and Antivirus | Differences Between the Two

The challenge with explaining something new is making that new thing relatable to something someone else already knows and understands. This is why the

Securing Your React Native Apps: Top 6 Concerns to Address

In mobile app development, there are two primary approaches: native apps and hybrid apps. Native apps are developed for specific platforms using languages

Mobile Banking and The Modern Day Bonnie and Clyde: Is Your App Safe?

We live in an era where our lives are intertwined with our devices. With the majority of banking transactions moving from physical to digital

Mobile Banking Fraud vs. Mobile Banking Scams: The Risks and Repercussions

For finance and security professionals, understanding the nuances between fraud and scams in the mobile banking sector is critical for protecting customer assets and safeguarding institutional integrity.

Mobile Banking Heists: The Emerging Threats and How to Respond

The past year has witnessed significant technological advancements in banking and financial management, which have greatly improved convenience for

Iranian Mobile Banking Malware Campaign Threat Continues

Research by Aazim Bill SE Yaswant and Vishnu Pratapagiri. In July 2023, it was discovered that an Android mobile campaign, which consisted of banking

Mobile Security Amongst Olympic Teams at the Paris 2024 Summer Olympics

Mobile devices have become indispensable for Olympic teams, providing critical data for training, performance tracking, and real-time analysis. However, with the increasing reliance on mobile technology comes the pressing need for robust mobile security measures to protect sensitive data and ensure uninterrupted performance.

Mobile Security Predicted to be Fastest Growing Security Segment in 2021

According to Analysys Mason’s predictions for business connectivity, communications, IoT and security in 2021, mobile device security will be the fastest

Zimperium Selected CIO Applications Europe’s Top 10 Most Proficient Enterprise Mobility Solution Providers of 2019

The editorial team at CIO Applications Europe, along with a distinguished panel of CEOs, CIOs, VCs, and industry analysts, have named Zimperium to its list

Zimperium recognized in Gartner® Hype Cycle™ for Application Security 2023 for the third consecutive year

Learn why Zimperium has been recognized as a Sample Vendor for the 3rd consecutive year in the Gartner Hype Cycle for Application Security report.

Smashing Smishing with MTD

On September 04, The Hacker News reported on research published by Resecurity about a phishing campaign distributed through SMS (smishing). This campaign

Mobile Banking Malware, Regulation Stress & The Need for Adaptive Security

The rise of mobile banking malware has led to stringent banking security regulations and the need for adaptive security techniques that resolve evolving threats.

From Mobile Security Penetration Tester to Zimperium Employee

Read about the journey of Zimperium's Georgia Weidman from mobile security pen tester to Zimperium Security Architect & mobile security superhero.

Don’t Kick Yourself Later for Not Knowing the Privacy and Security Risks of Your Mobile Apps Now

New reports are published every week about privacy and security problems affecting everyday consumers via mobile apps. FaceApp, the mobile app for iOS and

OWASP Mobile Top 10: Why OWASP Publishes A Separate List

Learn why OWASP publishes a separate OWASP Mobile Top 10 list to address mobile’s fundamentally different characteristics, architectures, & threat vectors.

Apple’s Move to Third-Party App Stores: How Developers Can Prepare

As Apple prepares to open iOS to third-party app stores, learn how developers can ensure their apps meet Apple’s stringent security & privacy standards.

Securing Medical Devices & Their Connected Digital Health Apps

Connected medical devices are in increasing demand. Learn how building secure FDA-compliant digital health apps is key to securing medical devices.

A Comprehensive Guide to Mobile App Security

Learn about the most common mobile app attack vectors, how to prioritize mobile app security objectives, and development lifecycle best practices.

Taxed Not Hacked: Protect Sensitive Tax Data from Cybercrime

Sensitive financial data is shared online during tax season. Learn how to protect confidential tax information from cybercrime this tax season.

Zimperium Honored with Three Cybersecurity Excellence Awards

Read about Zimperium’s 2023 Gold Winner Cybersecurity Excellence Awards in Mobile Application Security, Mobile Security, & Mobile Threat Defense.

Device Attestation: A Key Capability for SoftPOS and High-Security Apps

Attestation and monitoring are a core component in meeting PCI MPoC standards. Learn how Zimperium helps meet the relevant security requirements defined in the MPoC standard while equipping SoftPOS developers with a flexible, highly configurable solution. Read more.

Zimperium Wins ‘Device Theft Prevention and Protection Solution of the Year’ in the 2022 Cybersecurity Breakthrough Awards

Zimperium has been named winner of this year’s “Cybersecurity Breakthrough Awards.” Recognized as the ‘Device Theft Prevention and Protection Solution of the Year,’ Zimperium was recognized for protecting the entire mobile ecosystem, identifying and revealing the most significant threats facing mobile devices and applications. Learn more.

Secure PIN-entry for PCI MPoC using Zimperium

With security being a key aspect of SoftPOS solutions and PCI MPoC certification, it’s important to use proven mobile application security tools from solutions providers that are committed to the space.  Zimperium’s Mobile Application Protection Suite (MAPS) enables mobile payment solution developers worldwide to quickly and efficiently develop secure and compliant mobile applications for MPoC.

Zimperium to Absorb Trustonic Application Protection (TAP) Business to Further Enhance Their Suite of Mobile Application Protection Solutions

As the result of a long, successful collaboration in which Zimperium provided all software-based security capabilities for Trustonic Application Protection (TAP), the two companies have agreed to have Zimperium absorb the Trustonic TAP solution and service to further enhance their suite of mobile application protection solutions. Learn more.

How to Address the Mobile Security Implications Posed by the New mHealth Era

For years, healthcare has been going through a digital transformation, and in many organizations, the pandemic has radically accelerated this trend.

2022 Mobile Banking Heists: The Emerging Threats and How to Respond

The landscape of modern banking and financial management has evolved with the rise of digital access to assets on a global scale. From payments to

SoftPOS is Bracing for Widespread Adoption. Learn How to Secure Your Mobile App for MPoC.

SoftPOS is gaining traction in the Point of Sale market. While SoftPOS isn’t new  — small merchants and payment brands have been piloting mobile

How to Secure Cryptographic Keys in Hostile Environments

When it comes to securing your confidential data, encryption is universally acknowledged as a requirement, but it’s not a silver bullet for security. The

The Increase in Mobile Wallet Adoption Impacts the Need for Security

The use of mobile payments is on the rise! According to industry data, mobile wallets are used by more than two billion people globally, with many

Quadrant Knowledge Solutions Names Zimperium The Leader in In-App Protection

Quadrant Knowledge Solutions, a global advisory and consulting firm, recently published its “SPARK Matrix: In-App Protection, 2022” report and named

The State of Mobile App Security: Key Takeaways from 2022 Threat Report

Over the last few years, a major shift has occurred in how we use mobile devices and apps. Fundamentally, we continue to use our smartphones more and

Upcoming PSD2 Deadlines and What They Mean for Mobile App Security

When it comes to compliance, you’re never truly done. The environments you’re tasked with securing and auditing continue to evolve, and so do the

Why the Software Bill Of Materials (SBOM) Must Extend to the Mobile App Supply Chain

Supply chain attacks are not a new problem, but their frequency has been increasing since 2013 when Target was breached. But the recent attacks on

Are Healthcare Mobile Applications Really Healthy

Mobile apps are one of the most significant areas of growth in the healthcare industry. Before 2020, the market grew at more than 20% a year and is on its

Financial Apps Are Not As Safe As You Think

The Rise of Financial Mobile Apps. Financial mobile applications help businesses across all sectors take advantage of growing markets. They create

Sideloaded Applications: The Risk of Fewer Restrictions

Would you trust an application on your device from a third-party app store? Would you trust that same app store on the endpoints connected to your

Elaborate Scam App Impersonates Leading Asian Bank; Victims Duped into ‘Investing’

Campaign is still active and growing; second bank app identified. Zimperium, in collaboration with a leading Asian bank, have uncovered the early stages of

Automate Mobile Application Security Testing from Jenkins

Mobile apps require continuous testing throughout the development process to ensure proper compliance and security measures are in place. If you are using

Millions Stolen from US and EU Banks Could’ve Been Prevented

Millions stolen from US and EU banks could've been prevented. According to a recent Ars Technica article, “Researchers from IBM Trusteer say they’ve

Top 3 Ways to Protect Microsoft Teams on BYO Mobile Devices

During a recent webinar on the Top Five Mobile Security Stories of a Crazy 2020, I listed my number one story around COVID-19 creating a situation unlike

Threat Advisory: BlackRock Mobile Malware

What is it? BlackRock - an advanced Android malware derived from Xerxes malware - evades detection and steals login credentials or credit card data from

Mobile Pen Testing’s Secret Weapon: Continuous & Automated Scanning

This is the first of a two part series examining the different audiences benefiting from Zimperium’s zScan. This blog looks at pen testers. The second

2020 Mobile App Breaches, Failures, and Data Leaks

2020 has recorded more mobile app breaches, failures, and data leaks thus far than all of 2019. Take a look below and scroll through the dozens of stories

TikTok... TikTok... It’s Time to Address the Privacy and Security Risks of All Mobile Apps

The U.S. is “looking at” banning TikTok and other Chinese social media apps, Secretary of State Mike Pompeo told Fox News on Monday. This comes on the

Mobile App Security vs. Web App Security | How They Differ

Mobile Apps Are Different Than Web Apps; Mobile and Web App Security Must Be Different Too. From a security perspective, almost every company invests in

Top Mobile Finance Apps Consistently Failing Security and Data Privacy Tests

iOS and Android apps fail coding best practices, are susceptible to reverse engineering, and share sensitive user data. Executive Summary: Top banks and

Securing Our Mobile Banking App

I recently talked with Julian Hall, senior vice president of enterprise architecture and application development at Security Service Federal Credit Union,

3 Reasons Security is Foundational for Mobile App Development

On any given day, I’ll read at least one article about an enterprise release of a new app. I’ll also see many more that I just don’t have time to read. I

3 Reasons Mobile App Security Should be a Top Priority

There is a reasonable chance you are reading this blog using an app on a mobile device. As of 2019, 53% of all internet traffic was from mobile devices

Enhance App Shielding with In-App Protection

Mobile devices and the apps operating on them expose your backend systems to cyberattacks. Attackers exploit vulnerabilities in mobile operating systems

Zimperium Extends Mobile Security Leadership by Delivering First Complete Mobile Application Security Solution

New Mobile Application Protection Suite (MAPS) Identifies Security, Privacy and Compliance Issues During Development and Protects Apps While In Use 

Security and Privacy Issues Found in Popular Dating Apps

An estimated 25.1 million people used a dating app at least monthly in 2019, a 5.3% increase from the number of users in 2018. While users may find love,

Zimperium’s “State of Enterprise Mobile Security” Report for 2019

It is no longer a matter of if or when an enterprise’s mobile endpoints are at risk of being attacked: they already are; that according to findings in

TikTok is the Rule, Not the Exception, When it Comes to Mobile App Privacy and Security Risks

Unfortunately for TikTok, 2020 isn’t starting off well. The video-sharing social networking service that was under fire by U.S. legislatures in 2019, is

Privacy and Security Issues Found in Popular Shopping Apps

Just in time for Black Friday, Cyber Monday and the holiday shopping season, we investigated the most recent versions* of 30 of the leading, well-known

Zimperium Analyzes TikTok’s Security and Privacy Risks

Several news outlets over the last few days are talking about how TikTok, the viral short video app where millions of teens post comedy skits set to

Security and Privacy Issues Found in Popular Travel Apps

Planned your holiday travel just yet? Too soon? Not according to experts who told The Today Show the best time to book your Thanksgiving AND Christmas

When to Use In-App Protection

There are more than 5 million apps in the app stores. Most of these apps fit into the gaming, business, education, lifestyle, entertainment, and utility

What exactly is a mobile ______ attack?

Mobile devices contain or have access to the same information as traditional endpoints. While billions of dollars have been spent protecting and securing

The Dangers of Public WiFi: Were you Hacked on your Daily Commute?

I had to do it. After all, I talk about it with customers and prospects daily. Had to see for myself. About a week ago, I was on a train in Australia.

The State of Mobile Device Threats: 2019 H1 Mobile Threat Report

As the worldwide leader in mobile threat defense (MTD), no company protects more enterprise mobile devices than Zimperium. As a result, we have incredibly

Latest Android Malware is Not a Surprise; Zimperium Customers Protected

According to news reports, a new strain of Android malware has infected 25 million devices and modified legitimate apps with a malicious ads module.  
