Threat Research

Rapid Response: Zimperium Detects Lazarus Stealer Campaign with Full Coverage and Additional Samples

Zimperium detects and neutralizes Lazarus Stealer, a sophisticated Android banking malware, enhancing mobile defenses with comprehensive threat coverage and additional samples.

Read More

Rapid Response: Zimperium’s Full Coverage of PhantomCard NFC-Relay Android Malware

Zimperium uncovers and blocks PhantomCard, a sophisticated NFC-relay Android banking trojan targeting Brazilian users.

Read More

The Root(ing) Of All Evil: Security Holes That Could Compromise Your Mobile Device

Learn how vulnerabilities in rooting frameworks like KernelSU can expose your Android device to severe security risks, and discover how Zimperium zLabs helps mitigate these threats.

Read More

The Dark Side of Romance: SarangTrap Extortion Campaign

A cross-platform malware campaign, SarangTrap, uses fake dating apps to steal sensitive data from mobile users, revealing the dark side of digital romance.

Read More

Konfety Returns: Classic Mobile Threat with New Evasion Techniques

New Konfety malware variant uses advanced evasion techniques to target Android devices, complicating detection and analysis for security professionals. Learn about its sophisticated tactics and impacts.

Read More

From Lock Screen to Wallets: BTMOB RAT Now Targets Alipay PINs

On February 12, Cyble reported the discovery of a new variant of the BTMOB spyware, named BTMOB RAT v2.5. This malicious software is being distributed through deceptive phishing sites impersonating popular streaming services like iNat TV and fraudulent cryptocurrency mining platforms.

Read More

Rapid Response: Zimperium Detects SuperCardX NFC Relay Fraud Operation

A recent report by Cleafy uncovered SuperCardX, a sophisticated Malware-as-a-Service (MaaS) operation used for conducting NFC relay fraud.

Read More

Your Apps are Leaking: The Hidden Data Risks on your Phone, Part 1

Learn about the hidden data risks in mobile apps, focusing on cloud and cryptography vulnerabilities that could expose sensitive information. Discover how to protect your enterprise.

Read More

Pragmatic Crocodilus: A New Variant In the Horizon

Following ThreatFabric’s publication on Crocodilus, a sophisticated Android banking trojan, our zLabs team conducted a deeper investigation into its broader ecosystem.

Read More

Catch Me If You Can: Rooting Tools vs The Mobile Security Industry

Our zLabs team dives into why rooting and jailbreaking are a significant threat for enterprises and much more.

Read More

So You Think That Popular App is Safe? Think Again!

Our security research team looked at the top 50 apps from the iOS App Store and Android Play Store and identified one app from each category that exhibited a high security or privacy vulnerability score.

Read More

Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach

Our zLabs research team has discovered a mobile malware campaign consisting of almost 900 malware samples primarily targeting users of Indian banks.

Read More

Zimperium’s Protection Against Tria Stealer’s SMS Data Theft

As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team shares how we can help protect you against Tria Stealer.

Read More

Zimperium’s Comprehensive Protection Against Fake SBI Reward Banking Trojan

As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team shares how we can help protect you against fake SBI Reward banking trojan.

Read More

Hidden in Plain Sight: PDF Mishing Attack

As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team has been actively tracking a phishing campaign impersonating the United States Postal Service (USPS) which is exclusively targeting mobile devices.

Read More

Zimperium’s Coverage Against Android Malware in Donot APT Operations and Extended Indicators of Compromise

Take a look at Zimperium’s coverage against Android malware in Donot APT operations and extended indicators of compromise.

Read More

How Zimperium Can Help With Advanced Spyware Such as NoviSpy

Discover how Zimperium can help with advanced spyware such as NoviSpy.

Read More

Mobile Spear Phishing Targets Executive Teams

Over the past few months, enterprises have observed a pattern of sophisticated spearphishing attempts targeting their executives, with some specifically targeting their mobile devices. Our blog shares the details.

Read More

Browser-based CVE-2015-3864 Metasploit Module Now Available for Testing

By: Zuk Avraham (@ihackbanme), Joshua Drake (@jduck). Last year, we disclosed a series of critical vulnerabilities

Read More

Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware

In this blog post we share Zimperium’s Zero-Day Protection against the Water Makara Spear-Phishing campaign.

Read More

Zimperium’s Zero-Day Protection Against Water Makara Spear-Phishing Campaign

In this blog post we share Zimperium’s Zero-Day Protection against the Water Makara Spear-Phishing campaign.

Read More

Expanding the Investigation: Deep Dive into Latest TrickMo Samples

Our analysis of TrickMo suggests that many of these samples remain undetected by the broader security community.

Read More

Zimperium’s Zero-Day Defense Against Octo2 Malware Targeting European Banks

Zimperium’s Mobile Threat Defense (MTD) and its Mobile App Protection Suite (MAPS) solution provide robust protection against Octo2, detecting all known samples in a zero-day fashion.

Read More

iOS and the WebP Vulnerability

In this blog post we will underline the differences and the similarities on how iOS developers reacted to the WebP vulnerability and our observed patching trends of those iOS applications. 

Read More

Zimperium Coverage on COLDRIVER Phishing Campaign 

The recently uncovered "River of Phish" campaign, attributed to the Russian threat actor COLDRIVER, targets Western and Russian civil society through sophisticated spear-phishing attacks.

Read More

Zimperium Detects New Android Spyware Targeting South Korea

Security researchers at Cyble have uncovered a new Android spyware campaign primarily targeting individuals in South Korea. This sophisticated malware, masquerading as legitimate applications, poses a significant threat to user privacy and data security.

Read More

Unmasking SpyAgent: Zimperium’s Zero-Day Defense Against Cryptocurrency Theft

Zimperium’s Zero-Day defense against a sophisticated Android malware campaign involving SpyAgent, a spyware strain designed to steal cryptocurrency credentials.

Read More

Preventing Infections of N-Day Exploits Delivered via Malicious Websites

State-backed attackers and commercial surveillance vendors are repeatedly using N-day exploits to target known vulnerabilities in devices.

Read More

BlankBot: A New Android Banking Trojan Cannot Evade on Device Machine Learning Protection

Learn the top 7 source code obfuscation techniques.

Read More

aLTEr: POC Exploit of LTE Layer Two

Long Term Evolution (LTE) is the latest mobile telephony standard designed to bring many security improvements over the predecessor standard known as the

Read More

More Malware May be Exposed to iOS Devices Because of Supreme Court Ruling

According to The Wall Street Journal’s article Apple Loses Bid to End App Antitrust Case in Supreme Court, “Consumers can sue Apple Inc. for forcing them

Read More

The Growing Risks of On-Device Fraud

The picture is painfully clear . . . organizations are not seeing a slowdown in financial fraud targeting mobile devices. Mastercard recently shared that

Read More

Mobile Banking Fraud vs. Mobile Banking Scams: The Risks and Repercussions

For finance and security professionals, understanding the nuances between fraud and scams in the mobile banking sector is critical for protecting customer assets and safeguarding institutional integrity.

Read More

Mobile Device Management & Mobile Threat Defense: A Love Story

MDM and MTD were made for each other. It was love at first byte. Read the love story. Live the romance. Truly better together.

Read More

The Risks of Quishing and How Enterprises Can Stay Secure

Cybercriminals are exploiting QR codes through phishing attacks, called quishing, which are exposing employees and organizations to the risk of data loss, credential theft, and unauthorized access to corporate networks.

Read More

New Year, New Hires, New Devices: Kick Start the Year with Endpoint Security

As we welcome the new year, businesses around the world are gearing up for growth and expansion. Let’s dive into some of the threats mobile devices can face and explore how Zimperium Mobile Threat Defense (MTD) can help protect your enterprise.

Read More

Mobile Banking Heists: The Emerging Threats and How to Respond

The past year has witnessed significant technological advancements in banking and financial management which have greatly improved convenience for

Read More

Iranian Mobile Banking Malware Campaign Threat Continues

Research by Aazim Bill SE Yaswant and Vishnu Pratapagiri. In July 2023, it was discovered that an Android mobile campaign, which consisted of banking

Read More

Zimperium recognized in Gartner® Hype Cycle™ for Application Security 2023 for the third consecutive year

Learn why Zimperium has been recognized as a Sample Vendor for the 3rd consecutive year in the Gartner Hype Cycle for Application Security report.

Read More

Malicious WiFi Connections: Welcome to RSA Conference 2019

By: Nicolás Chiaraviglio (@chiconara). We recently blogged about attacks perpetrated at WiFi networks in Barcelona before and during the 2019 Mobile World

Read More

Half-Year Review: Emerging Mobile Threats and Key Trends in 2022

As the saying goes, time is money. While this does remain true, I’d also argue data is money. The mobile phones we carry in our pockets have quickly come

Read More

The Mobile Malware Chronicles: Necro.N - Volume 101

Zimperium researchers analyze Necro.N and focus on the differences and elements.

Read More

Detection of TowelRoot & Exploits of CVE-2014-3153

Today we had the opportunity to see the engine of zIPS, our Mobile IPS, in action on a newly published vulnerability. As a reminder, we prefer

Read More

2022 Recap: The Top Mobile Security Stories from Last Year

Over the course of 2022, a number of significant mobile security stories emerged. These events had a big impact last year, and they will certainly shape the security landscape that we must navigate as we enter 2023. Here is our take on the top mobile security stories that emerged in 2022.

Read More

Smashing Smishing with MTD

On September 04, The Hacker News reported on research published by Resecurity about a phishing campaign distributed through SMS (smishing). This campaign

Read More

Unveiling the Tactics of Lapsus$: A Review of Internal Attack Vectors, Mobile Device Exploitation, and Social Engineering Techniques

On August 10, 2023, the U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board (CSRB) report summarizing the findings of its

Read More

Mobile Banking Malware, Regulation Stress & The Need for Adaptive Security

The rise of mobile banking malware has led to stringent banking security regulations and the need for adaptive security techniques that resolve evolving threats.

Read More

Unsupported Compression Methods Enable Android Malware to Bypass Detection

Zimperium identified 3,300 Android malware samples using unsupported compression methods to bypass detection. Learn more & how Zimperium customers are protected.

Read More

Mobile Ransomware - How Handheld and Mobile Devices Leave Organizations Exposed

In the era of the mobile-first business, learn how malicious actors are increasingly turning their focus to mobile ransomware.

Read More

2023 Global Mobile Threat Report: Key Insights on the State of Mobile Security

Download the 2023 Global Mobile Threat Report to learn more about the key findings and trends that shape today's mobile security landscape.

Read More

OilAlpha: Learn How Zimperium MTD Protects Against This New Threat

Learn about emerging threats from the OilAlpha group and how Zimperium MTD customers are protected against the OilAlpha group and other similar threats.

Read More

BouldSpy: A New Android Surveillance Tool

Learn about BouldSpy, a newly discovered Android surveillance tool, and how Zimperium's on-device machine-learning technology can protect you.

Read More

Kimsuky Threat Actor Churns Out Advanced Malware

Learn about Kimsuky's new malware tactics and how Zimperium customers are protected against these cybersecurity threats.

Read More

Mobile Spyware Threats Put Businesses & Government Agencies at Risk

Learn how increasing mobile spyware threats threaten businesses & government agencies and how mobile threat defense solutions can provide protection.

Read More

MoneyMonger: Predatory Loan Scam Campaigns Move to Flutter

The Zimperium zLabs team recently discovered a Flutter application with malicious code. The Flutter-obfuscated malware campaign, MoneyMonger, is solely distributed through third-party app stores and sideloaded onto the victim’s Android device, and most commonly takes advantage of social engineering through phishing messages, compromised websites, rogue WiFi networks, and social media to distribute the download links. Read more to learn how Zimperium customers are protected.

Read More

Schoolyard Bully Trojan Facebook Credential Stealer

Zimperium zLabs has discovered a new Android threat campaign, the Schoolyard Bully Trojan, which has been active since 2018 and has spread to over 300,000 victims and is specifically targeting Facebook credentials. To learn more about this new threat, read more on our blog.

Read More

The Case of Cloud9 Chrome Botnet

The Zimperium zLabs team recently discovered a malicious browser extension, originally called Cloud9, which not only steals the information available during the browser session but can also install malware on a user's device and subsequently assume control of the entire device. In this blog, we will take a deeper look into this malicious browser extension.

Read More

We Smell A RatMilad Android Spyware

The Zimperium zLabs research team discovered spyware targeting Middle Eastern enterprise mobile devices and began monitoring the activity of a novel Android spyware family that we have since named RatMilad. Learn how Zimperium zIPS customers are protected against RatMilad spyware. Read more.

Read More

Mobile Attack Chains: The Real World Risks to Enterprise Security

Identifying a problem is a critical first step, but there can be a big leap between detecting an issue and fixing it. This is very much the case when it

Read More

4 Common types of Malware and What's the Difference (Trojan, Spyware, Viruses, Ransomware)

Malware is malicious code that threat actors use to compromise data collected, stored, processed, or transmitted by mobile devices, computers, servers, or

Read More

2022 Mobile Banking Heists: The Emerging Threats and How to Respond

The landscape of modern banking and financial management has evolved with the rise of digital access to assets on a global scale. From payments to

Read More

ABCsoup: The Malicious Adware Extension with 350 Variants

What can ABCsoup do? Recently Zimperium discovered and began monitoring the growth of a wide range of malicious browser extensions with the same extension

Read More

The State of Browser Extension Malware

It is time for us to change how we think about malware. No longer is it limited to one specific operating system or device type. Like with phishing

Read More

The State of Mobile App Security: Key Takeaways from 2022 Threat Report

Over the last few years, a major shift has occurred in how we use mobile devices and apps. Fundamentally, we continue to use our smartphones more and

Read More

2022 Global Mobile Threat Report: Key Insights on the State of Mobile Security

What’s the mobile security landscape like today, how has it changed, and what can security teams expect over the course of 2022? To provide answers, we’ve

Read More

Financially Motivated Mobile Scamware Exceeds 100M Installations

Research by Aazim Bill SE Yaswant and Nipun Gupta. While some financially motivated scams may seem simple on the surface, the truth of the matter is that

Read More

BRATA Android Trojan Returns with Fury

Marking its most aggressive comeback to the Android ecosystem since its discovery in 2019, the BRATA Android malware has targeted global vi

Read More

Pegasus Spyware Found on U.S. State Department iPhones

On December 3rd, Christopher Bing and Joseph Menn at Reuters disclosed that iPhones of numerous U.S. State Department employees were hacked by an unknown

Read More

PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens

Update November 22, 2021: It has been determined that this specific campaign is no longer active. The command and control server has been taken down, and

Read More

GriftHorse Android Trojan Steals Millions from Over 10 Million Victims Globally

Research and writeup by Aazim Yaswant and Nipun Gupta. With the increase of mobile device use in everyday life, it is no surprise to see cybercriminals

Read More

FlyTrap Android Malware Compromises Thousands of Facebook Accounts

A new Android Trojan codenamed FlyTrap has hit at least 140 countries since March 2021 and has spread to over 10,000 victims through social media

Read More

Pegasus Mobile Spyware used to target journalists, activists, and more

A massive data leak revealed an iOS spyware malware called Pegasus had been used by authoritative governments to target over 50,0000 journalists,

Read More

Sideloaded Applications: The Risk of Fewer Restrictions

Would you trust an application on your device from a third-party app store? Would you trust that same app store on the endpoints connected to your

Read More

Flubot vs. Zimperium

Over the past few weeks, reports of the newest aggressive malware family to impact Android devices have made the rounds. Flubot, the credential and

Read More

Android Trojans Infect APKPure and Huawei App Stores

Two new active and aggressive Android Trojan variants have been discovered in the wild, impacting users taking advantage of two alternative, non-Google

Read More

New Advanced Android Malware Posing as “System Update”

Another week, and another major mobile security risk. A few weeks ago, Zimperium zLabs researchers disclosed unsecured cloud configurations exposing

Read More

Joker is No Laughing Matter: 64 New Variants Discovered in Less Than a Month

As part of Google’s App Defense Alliance, Zimperium helps make the Android ecosystem safer by processing all apps before they reach Google Play. However,

Read More

Threat Advisory: BlackRock Mobile Malware

What is it? BlackRock - an advanced Android malware derived from Xeres malware - evades detection and steals login credentials or credit card data from

Read More

Zimperium Discovers MobOk Malware Left Undetected by AV Industry for Months

zLabs researchers have uncovered a new variant of the MobOk campaign. The samples found evaded detection by AV vendors for months. Zimperium worked with

Read More

Dr. Jekyll and Mr. “Hide” - How Covert Malware Made it into Apple’s App Store

Today, enterprises feature a mixture of corporate and employee-owned mobile devices with the average individual downloading anywhere from 60 to 90 apps

Read More

How Zimperium’s z9 Detected Unknown Mobile Malware Overlooked by the AV Industry

Introduction: Thousands of new malicious apps are being released for mobile devices every day. And thousands more variations of older malware are being

Read More

The Unpatchable Checkra1n Exploit

Today, the “unpatchable” jailbreak known as Checkra1n (Device Compatibility) was officially released and generally available. Checkra1n is unprecedented

Read More

Zimperium and Google Partner to Fight Bad Apps through App Defense Alliance

We are thrilled to announce Google has selected us to help ensure the safety of the millions of apps in the Google Play Store through its App Defense

Read More

Malicious Websites Put iOS Devices At Risk

In an excellent and deep blog analysis, Ian Beer of Google’s Project Zero outlines five separate iOS exploit chains that were found on a small collection

Read More

New iOS Jailbreak Tools put Organizations at Risk

According to iDownloadBlog.com (iDB), “in an unforeseen turn of events, hacker Pwn20wnd released v3.5.0 of the unc0ver jailbreak tool to the general

Read More

What exactly is a mobile ______ attack?

Mobile devices contain or have access to the same information as traditional endpoints. While billions of dollars have been spent protecting and securing

Read More

Zimperium’s “State of Enterprise Mobile Security” Report Says Every Enterprise has Mobile Security Threats and Attacks

Mobile devices continue to be the target of attack at increasing rates. There is a relatively simple explanation for this - in a typical

Read More

The Dangers of Public WiFi: Were you Hacked on your Daily Commute?

I had to do it. After all, I talk about it with customers and prospects daily. Had to see for myself. About a week ago, I was on a train in Australia.

Read More

Zimperium Customers Protected From Monokle Malware

According to Threatpost, another new malicious Android app - dubbed “Monokle”- is gaining attention. While Monokle has some interesting capabilities

Read More

The State of Mobile Device Threats: 2019 H1 Mobile Threat Report

As the worldwide leader in mobile threat defense (MTD), no company protects more enterprise mobile devices than Zimperium. As a result, we have incredibly

Read More

Latest Android Malware is Not a Surprise; Zimperium Customers Protected

According to news reports, a new strain of Android malware has infected 25 million devices and modified legitimate apps with a malicious ads module.

Read More

5 Must-Have Sections For Every Enterprise Mobile Security RFP - Must-Have #4: Security Technology & Workflow Integrations

Our fourth webinar in our series of “The 5 Must-Have Sections for Every Enterprise Mobile Security Request For Proposal (RFP)” reviews Security

Read More

The Mobile Watering Hole: How A Sip Leads to A Trojan Compromise

"Watering Hole" is a cyber attack strategy in which the victim is a particular group (organization, industry, or region). In this attack, the attacker

Read More

WhatsApp Buffer Overflow Vulnerability: Under the Scope

Researcher: Chilik Tamir (@_coreDump). Recently, Zimperium blogged about the new WhatsApp vulnerability disclosed by Facebook on May 13th. This

Read More

CVE-2019-8545: Vulnerability in IOHIDFamily.kext

Summary: A local user may be able to cause unexpected system termination or read kernel memory. Details: In the function

Read More

It’s Not Your Father’s Endpoint - What if a Mobile Device is Attacked?

In my first blog, I discussed why mobile devices are the likely choice for savvy attackers since they typically have no endpoint protection. Let's

Read More

WhatsApp Buffer Overflow Vulnerability Reportedly Exploited In The Wild

A new WhatsApp vulnerability has attracted the attention of the press and security professionals around the world. Zimperium zLabs will be creating a

Read More

You’ve Just Won $1,000! Lucky You!

We’ve all seen them. They are annoying; can be abusive and sometimes malicious. It goes something like this: You’re navigating a web page to read an

Read More

Zimperium Webinar Series: Seven Deadly (Mobile Security) Sins… According to CISOs

Zimperium, a global leader in enterprise mobile threat defense (MTD) and a leading provider of real-time, on-device protection against known and unknown

Read More

Machine Learning vs Signatures, Round N: Once Again, Zimperium Detects Malware No One Else Does

Analysis & Post By: Alex Calleja (@alximw), Matteo Favaro (@fvrmatteo). Advertising and click fraud campaigns are one of the most common

Read More