Threat Research

August 20, 2025

Rapid Response: Zimperium Detects Lazarus Stealer Campaign with Full Coverage and Additional Samples

Zimperium detects and neutralizes Lazarus Stealer, a sophisticated Android banking malware, enhancing mobile defenses with comprehensive threat coverage and additional samples.

Read More

August 14, 2025

Rapid Response: Zimperium’s Full Coverage of PhantomCard NFC-Relay Android Malware

Zimperium uncovers and blocks PhantomCard, a sophisticated NFC-relay Android banking trojan targeting Brazilian users.

Read More

August 13, 2025

The Root(ing) Of All Evil: Security Holes That Could Compromise Your Mobile Device

Learn how vulnerabilities in rooting frameworks like KernelSU can expose your Android device to severe security risks, and discover how Zimperium zLabs helps mitigate these threats.

Read More

July 23, 2025

The Dark Side of Romance: SarangTrap Extortion Campaign

A cross-platform malware campaign, SarangTrap, uses fake dating apps to steal sensitive data from mobile users, revealing the dark side of digital romance.

Read More

July 15, 2025

Konfety Returns: Classic Mobile Threat with New Evasion Techniques

New Konfety malware variant uses advanced evasion techniques to target Android devices, complicating detection and analysis for security professionals. Learn about its sophisticated tactics and impacts.

Read More

April 23, 2025

From Lock Screen to Wallets: BTMOB RAT Now Targets Alipay PINs

On February 12, Cyble reported the discovery of a new variant of the BTMOB spyware, named BTMOB RAT v2.5. This malicious software is being distributed through deceptive phishing sites impersonating popular streaming services like iNat TV and fraudulent cryptocurrency mining platforms.

Read More

April 22, 2025

Rapid Response: Zimperium Detects SuperCardX NFC Relay Fraud Operation

A recent report by Cleafy uncovered SuperCardX, a sophisticated Malware-as-a-Service (MaaS) operation used for conducting NFC relay fraud.

Read More

April 16, 2025

Your Apps are Leaking: The Hidden Data Risks on your Phone, Part 1

Learn about the hidden data risks in mobile apps, focusing on cloud and cryptography vulnerabilities that could expose sensitive information. Discover how to protect your enterprise.

Read More

April 14, 2025

Pragmatic Crocodilus: A New Variant In the Horizon

Following ThreatFabric’s publication on Crocodilus, a sophisticated Android banking trojan, our zLabs team conducted a deeper investigation into its broader ecosystem.

Read More

March 14, 2025

Catch Me If You Can: Rooting Tools vs The Mobile Security Industry

Our zLabs team dives into why rooting and jailbreaking is a significant threat for enterprises and much more.

Read More

February 12, 2025

So You Think That Popular App is Safe? Think Again!

Our security research team looked at the top 50 apps from iOS App store and Android Play Store and identified one app from each category that exhibited a high security or privacy vulnerability score.

Read More

February 4, 2025

Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach

Our zLabs research team has discovered a mobile malware campaign consisting of almost 900 malware samples primarily targeting users of Indian banks.

Read More

January 31, 2025

Zimperium’s Protection Against Tria Stealer’s SMS Data Theft

As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team shares how we can help protect you against Tria Stealer.

Read More

January 27, 2025

Zimperium’s Comprehensive Protection Against Fake SBI Reward Banking Trojan

As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team shares how we can help protect you against fake SBI Reward banking trojan.

Read More

January 24, 2025

Hidden in Plain Sight: PDF Mishing Attack

As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team has been actively tracking a phishing campaign impersonating the United States Postal Service (USPS) which is exclusively targeting mobile devices.

Read More

January 23, 2025

Zimperium’s Coverage Against Android Malware in Donot APT Operations and Extended Indicators of Compromise

Take a look at Zimperium’s coverage against Android malware in Donot APT operations and extended indicators of compromise.

Read More

December 19, 2024

How Zimperium Can Help With Advanced Spyware Such as NoviSpy

Discover how Zimperium can help with advanced spyware such as NoviSpy.

Read More

December 18, 2024

Mobile Spear Phishing Targets Executive Teams

Over the past few months, enterprises have observed a pattern of sophisticated spearphishing attempts targeting their executives, with some specifically targeting their mobile devices. Our blog shares the details.

Read More

November 7, 2024

Browser-based CVE-2015-3864 Metasploit Module Now Available for Testing

By:Zuk Avraham Follow Zuk Avraham (@ihackbanme)Joshua Drake Follow Joshua Drake (@jduck) Last year, we disclosed a series of critical vulnerabilities

Read More

October 30, 2024

Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware

In this blog post we share Zimperium’s Zero-Day Protection against the Water Makara Spear-Phishing campaign.

Read More

October 21, 2024

Zimperium’s Zero-Day Protection Against Water Makara Spear-Phishing Campaign

In this blog post we share Zimperium’s Zero-Day Protection against the Water Makara Spear-Phishing campaign.

Read More

October 11, 2024

Expanding the Investigation: Deep Dive into Latest TrickMo Samples

Our analysis of TrickMo suggests that many of these samples remain undetected by the broader security community.

Read More

October 7, 2024

Zimperium’s Zero-Day Defense Against Octo2 Malware Targeting European Banks

Zimperium’s Mobile Threat Defense (MTD) and its Mobile App Protection Suite (MAPS) solution provide robust protection against Octo2, detecting all known samples in a zero-day fashion.

Read More

October 7, 2024

iOS and the WebP Vulnerability

In this blog post we will underline the differences and the similarities on how iOS developers reacted to the WebP vulnerability and our observed patching trends of those iOS applications. 

Read More

October 1, 2024

Zimperium Coverage on COLDRIVER Phishing Campaign 

The recently uncovered "River of Phish" campaign, attributed to the Russian threat actor COLDRIVER, targets Western and Russian civil society through sophisticated spear-phishing attacks.

Read More

September 26, 2024

Zimperium Detects New Android Spyware Targeting South Korea

Security researchers at Cyble have uncovered a new Android spyware campaign primarily targeting individuals in South Korea. This sophisticated malware, masquerading as legitimate applications, poses a significant threat to user privacy and data security.

Read More

September 9, 2024

Unmasking SpyAgent: Zimperium’s Zero-Day Defense Against Cryptocurrency Theft

Zimperium’s Zero-Day defense against a sophisticated Android malware campaign involving SpyAgent, a spyware strain designed to steal cryptocurrency credentials.

Read More

September 5, 2024

Preventing Infections of N-Day Exploits Delivered via Malicious Websites

State-backed attackers and commercial surveillance vendors repeatedly using N-day exploits to target known vulnerabilities in devices. 

Read More

August 12, 2024

BlankBot: A New Android Banking Trojan Cannot Evade on Device Machine Learning Protection

Learn the top 7 source code obfuscation techniques.

Read More

July 2, 2024

aLTEr: POC Exploit of LTE Layer Two

Long Term Evolution (LTE) is the latest mobile telephony standard designed to bring many security improvements over the predecessor standard known as the

Read More

May 1, 2024

More Malware May be Exposed to iOS Devices Because of Supreme Court Ruling

According to The Wall Street Journal’s article Apple Loses Bid to End App Antitrust Case in Supreme Court, “Consumers can sue Apple Inc. for forcing them

Read More

March 19, 2024

The Growing Risks of On-Device Fraud

The picture is painfully clear . . . organizations are not seeing a slowdown in financial fraud targeting  mobile devices. Mastercard recently shared that

Read More

March 7, 2024

Mobile Banking Fraud vs. Mobile Banking Scams: The Risks and Repercussions

For finance and security professionals, understanding the nuances between fraud and scams in the mobile banking sector is critical for protecting customer assets and safeguarding institutional integrity.

Read More

February 13, 2024

Mobile Device Management & Mobile Threat Defense: A Love Story

MDM and MTD were made for each other. It was love at first byte. Read the love story. Live the romance. Truly better together.

Read More

February 8, 2024

The Risks of Quishing and How Enterprises Can Stay Secure

Cybercriminals are exploiting QR codes through phishing attacks, called quishing, which are exposing employees and organizations to the risk  of data loss, credential theft, and unauthorized access to corporate networks.

Read More

January 22, 2024

New Year, New Hires, New Devices: Kick Start the Year with Endpoint Security

As we welcome the new year, businesses around the world are gearing up for growth and expansion. Let’s dive into some of the threats mobile devices can face and explore how Zimperium Mobile Threat Defense (MTD) can help enterprises protect your enterprise. 

Read More

January 18, 2024

Mobile Banking Heists: The Emerging Threats and How to Respond

The past year has witnessed significant technological advancements in the banking and financial management which have greatly improved convenience for

Read More

November 28, 2023

Iranian Mobile Banking Malware Campaign Threat Continues

Research by Aazim Bill SE Yaswant and Vishnu Pratapagiri In July 2023, it was discovered that  an Android mobile campaign, which consisted of banking

Read More

November 8, 2023

Zimperium recognized in Gartner® Hype Cycle™ for Application Security 2023 for the third consecutive year

Learn why Zimperium has been recognized as a Sample Vendor for the 3rd consecutive year in the Gartner Hype Cycle for Application Security report.

Read More

November 8, 2023

Malicious WiFi Connections: Welcome to RSA Conference 2019

Nicolás Chiaraviglio (@chiconara) We recently blogged about attacks perpetrated at WiFi networks in Barcelona before and during the 2019 Mobile World

Read More

November 8, 2023

Half-Year Review: Emerging Mobile Threats and Key Trends in 2022

As the saying goes, time is money. While this does remain true, I’d also argue data is money. The mobile phones we carry in our pockets have quickly come

Read More

November 8, 2023

The Mobile Malware Chronicles: Necro.N - Volume 101

Zimperium researchers analyze Necro.N and focuses on the differences and elements.

Read More

November 8, 2023

Detection of TowelRoot & Exploits of CVE-2014-3153

  Today we had the opportunity to see the engine of zIPS our Mobile IPS in action on a newly published vulnerability. As a reminder, we prefer

Read More

November 7, 2023

2022 Recap: The Top Mobile Security Stories from Last Year

Over the course of 2022, a number of significant mobile security stories emerged. These events had a big impact last year, and they will certainly shape the security landscape that we must navigate as we enter 2023. Here is our take on the top mobile security stories that emerged in 2022.

Read More

September 18, 2023

Smashing Smishing with MTD

On September 04, The Hacker News reported on research published by Resecurity about a phishing campaign distributed through SMS (smishing). This campaign

Read More

August 29, 2023

Unveiling the Tactics of Lapsus$: A Review of Internal Attacks Vectors, Mobile Device Exploitation, and Social Engineering Techniques

On August 10, 2023, the U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board (CSRB) report summarizing the findings of its

Read More

August 22, 2023

Mobile Banking Malware, Regulation Stress & The Need for Adaptive Security

The rise of mobile banking malware has led to stringent banking security regulations and the need for adaptive security techniques that resolve evolving threats.

Read More

August 16, 2023

Unsupported Compression Methods Enable Android Malware to Bypass Detection

Zimperium identified 3,300 Android malware samples using unsupported compression methods to bypass detection. Learn more & how Zimperium customers are protected.

Read More

July 18, 2023

Mobile Ransomware - How Handheld and Mobile Devices Leave Organizations Exposed

In the era of the mobile-first business, learn how malicious actors are increasingly turning their focus to mobile ransomware.

Read More

June 28, 2023

2023 Global Mobile Threat Report: Key Insights on the State of Mobile Security

Download the 2023 Global Mobile Threat Report to learn more about the key findings and trends that shape today's mobile security landscape.

Read More

May 18, 2023

OilAlpha: Learn How Zimperium MTD Protects Against This New Threat

Learn about emerging threats from the OilAlpha group and how Zimperium MTD customers are protected against the OilAlpha group and other similar threats.

Read More

May 3, 2023

BouldSpy: A New Android Surveillance Tool

Learn about BouldSpy, a newly discovered Android surveillance tool, and how Zimperium's on-device machine-learning technology can protect you.

Read More

April 19, 2023

Kimsuky Threat Actor Churns Out Advanced Malware

Learn about Kimsuky's new malware tactics and how Zimperium customers are protected against these cybersecurity threats.

Read More

March 29, 2023

Mobile Sypware Threats Put Businesses & Government Agencies at Risk

Learn how increasing mobile spyware threats threaten businesses & government agencies and how mobile threat defense solutions can provide protection.

Read More

December 15, 2022

MoneyMonger: Predatory Loan Scam Campaigns Move to Flutter

The Zimperium zLabs team recently discovered a Flutter application with malicious code. The Flutter-obfuscated malware campaign, MoneyMonger, is solely distributed through third-party app stores and sideloaded onto the victim’s Android device and most commonly take advantage of social engineering through phishing messages, compromised websites, rogue WiFi networks, and social media to distribute the download links. Read more to learn how Zimperium customers are protected.

Read More

December 1, 2022

Schoolyard Bully Trojan Facebook Credential Stealer

Zimperium zLabs has discovered a new Android threat campaign, the Schoolyard Bully Trojan, which has been active since 2018 and has spread to over 300,000 victims and is specifically targeting Facebook credentials. To learn more about this new threat, read more on our blog.

Read More

November 8, 2022

The Case of Cloud9 Chrome Botnet

The Zimperium zLabs team recently discovered a malicious browser extension, originally called Cloud9, which not only steals the information available during the browser session but can also install malware on a user's device and subsequently assume control of the entire device. In this blog, we will take a deeper look into this malicious browser extension.

Read More

October 5, 2022

We Smell A RatMilad Android Spyware

The Zimperium zLabs research team discovered spyware targeting Middle Eastern enterprise mobile devices and began monitoring the activity of a novel Android spyware family that we have since named RatMilad. Learn how Zimperium zIPS customers are protected against RatMilad spyware. Read more.

Read More

September 28, 2022

Mobile Attack Chains: The Real World Risks to Enterprise Security

Identifying a problem is a critical first step, but there can be a big leap between detecting an issue and fixing it. This is very much the case when it

Read More

August 2, 2022

4 Common types of Malware and What's the Difference (Trojan, Spyware, Viruses, Ransomware)

Malware is malicious code that threat actors use to compromise data collected, stored, processed, or transmitted by mobile devices, computers, servers, or

Read More

July 22, 2022

2022 Mobile Banking Heists: The Emerging Threats and How to Respond

The landscape of modern banking and financial management has evolved with the rise of digital access to assets on a global scale. From payments to

Read More

July 7, 2022

ABCsoup: The Malicious Adware Extension with 350 Variants

What can ABCsoup do? Recently Zimperium discovered and began monitoring the growth of a wide range of malicious browser extensions with the same extension

Read More

April 7, 2022

The State of Browser Extension Malware

It is time for us to change how we think about malware. No longer is it limited to one specific operating system or device type. Like with phishing

Read More

March 31, 2022

The State of Mobile App Security: Key Takeaways from 2022 Threat Report

Over the last few years, a major shift has occurred in how we use mobile devices and apps. Fundamentally, we continue to use our smartphones more and

Read More

March 14, 2022

2022 Global Mobile Threat Report: Key Insights on the State of Mobile Security

What’s the mobile security landscape like today, how has it changed, and what can security teams expect over the course of 2022? To provide answers, we’ve

Read More

January 26, 2022

Financially Motivated Mobile Scamware Exceeds 100M Installations

Research by Aazim Bill SE Yaswant and Nipun Gupta While some financially motivated scams may seem simple on the surface, the truth of the matter is that

Read More

January 25, 2022

BRATA Android Trojan Returns with Fury

Share this blog Marking its most aggressive comeback to the Android ecosystem since its discovery in 2019, the BRATA Android malware has targeted global vi

Read More

December 6, 2021

Pegasus Spyware Found on U.S. State Department iPhones

On December 3rd, Christopher Bing and Joseph Menn at Reuters disclosed that iPhones of numerous U.S. State Department employees were hacked by an unknown

Read More

November 10, 2021

PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens

Update November 22, 2021: It has been determined that this specific campaign is no longer active. The command and control server has been taken down, and

Read More

September 29, 2021

GriftHorse Android Trojan Steals Millions from Over 10 Million Victims Globally

Research and writeup by Aazim Yaswant and Nipun Gupta With the increase of mobile device use in everyday life, it is no surprise to see cybercriminals

Read More

August 9, 2021

FlyTrap Android Malware Compromises Thousands of Facebook Accounts

A new Android Trojan codenamed FlyTrap has hit at least 140 countries since March 2021 and has spread to over 10,000 victims through social media

Read More

July 19, 2021

Pegasus Mobile Spyware used to target journalists, activists, and more

A massive data leak revealed an iOS spyware malware called Pegasus had been used by authoritative governments to target over 50,0000 journalists,

Read More

May 18, 2021

Sideloaded Applications: The Risk of Fewer Restrictions

Would you trust an application on your device from a third-party app store? Would you trust that same app store on the endpoints connected to your

Read More

May 5, 2021

Flubot vs. Zimperium

Over the past few weeks, reports of the newest aggressive malware family to impact Android devices have made the rounds. Flubot, the credential and

Read More

April 13, 2021

Android Trojans Infect APKPure and Huawei App Stores

Two new active and aggressive Android Trojan variants have been discovered in the wild, impacting users taking advantage of two alternatives, non-Google

Read More

March 26, 2021

New Advanced Android Malware Posing as “System Update"

Another week, and another major mobile security risk. A few weeks ago, Zimperium zLabs researchers disclosed unsecured cloud configurations exposing

Read More

September 28, 2020

Joker is No Laughing Matter: 64 New Variants Discovered in Less Than a Month

As part of Google’s App Defense Alliance, Zimperium helps make the Android ecosystem safer by processing all apps before they reach Google Play. However,

Read More

September 16, 2020

Threat Advisory: BlackRock Mobile Malware

What is it? BlackRock - an advanced Android malware derived from Xeres malware - evades detection and steals login credentials or credit card data from

Read More

June 26, 2020

Zimperium Discovers MobOk Malware Left Undetected by AV Industry for Months

zLabs researchers have uncovered a new variant of the MobOk campaign. The samples found evaded detection by AV vendors for months. Zimperium worked with

Read More

February 4, 2020

Dr. Jekyll and Mr. “Hide” - How Covert Malware Made it into Apple’s App Store

Today, enterprises feature a mixture of corporate and employee-owned mobile devices with the average individual downloading anywhere from 60 to 90 apps

Read More

November 12, 2019

How Zimperium’s z9 Detected Unknown Mobile Malware Overlooked by the AV Industry

Introduction Thousands of new malicious apps are being released for mobile devices every day. And thousands more variations of older malware are being

Read More

November 10, 2019

The Unpatchable Checkra1n Exploit

Today, the “unpatchable” jailbreak known as  Checkra1n (Device Compatibility) was officially released and generally available. Checkra1n is unprecedented

Read More

November 6, 2019

Zimperium and Google Partner to Fight Bad Apps through App Defense Alliance

We are thrilled to announce Google has selected us to help ensure the safety of the millions of apps in the Google Play Store through its App Defense

Read More

August 30, 2019

Malicious Websites Put iOS Devices At Risk

In an excellent and deep blog analysis, Ian Beer of Google’s Project Zero outlines five separate iOS exploit chains that were found on a small collection

Read More

August 23, 2019

New iOS Jailbreak Tools put Organizations at Risk

According to iDownloadBlog.com (iDB), “in an unforeseen turn of events, hacker Pwn20wnd released v3.5.0 of the unc0ver jailbreak tool to the general

Read More

August 15, 2019

What exactly is a mobile ______ attack?

Mobile devices contain or have access to the same information as traditional endpoints. While billions of dollars have been spent protecting and securing

Read More

July 31, 2019

Zimperium’s “State of Enterprise Mobile Security” Report Says Every Enterprise has Mobile Security Threats and Attacks

  Mobile devices continue to be the target of attack at increasing rates.  There is a relatively simple explanation for this - in a typical

Read More

July 29, 2019

The Dangers of Public WiFi: Were you Hacked on your Daily Commute?

I had to do it. Afterall, I talk about it with customers and prospects daily. Had to see for myself.  About a week ago, I was on a train in Australia.

Read More

July 26, 2019

Zimperium Customers Protected From Monokle Malware

According to Threatpost, another new malicious Android app - dubbed “Monokle”- is gaining attention. While Monokle has some interesting capabilities

Read More

July 23, 2019

The State of Mobile Device Threats: 2019 H1 Mobile Threat Report

As the worldwide leader in mobile threat defense (MTD), no company protects more enterprise mobile devices than Zimperium. As a result, we have incredibly

Read More

July 15, 2019

Latest Android Malware is Not a Surprise; Zimperium Customers Protected

According to news reports, a new strain of Android malware has infected 25 million devices and modified legitimate apps with a malicious ads module.  

Read More

July 9, 2019

5 Must-Have Sections For Every Enterprise Mobile Security RFP - Must-Have #4: Security Technology & Workflow Integrations

Our fourth webinar in our series of “The 5 Must-Have Sections for Every Enterprise Mobile Security Request For Proposal (RFP)” reviews Security

Read More

June 17, 2019

The Mobile Watering Hole: How A Sip Leads to A Trojan Compromise

"Watering Hole" is a cyber attack strategy in which the victim is a particular group (organization, industry, or region). In this attack, the attacker

Read More

June 14, 2019

WhatsApp Buffer Overflow Vulnerability: Under the Scope

Researcher: Chilik Tamir (@_coreDump)   Recently, Zimperium blogged about the new WhatsApp vulnerability disclosed by Facebook on May 13th. This

Read More

June 10, 2019

CVE-2019-8545: Vulnerability in IOHIDFamily.kext

Summary A local user may be able to cause unexpected system termination or read kernel memory. Details In the function

Read More

May 20, 2019

It’s Not Your Father’s Endpoint - What if a Mobile Device is Attacked?

In my first blog, I discussed why mobile devices are the likely choice for savvy attackers since they typically have no endpoint protection. Let's

Read More

May 15, 2019

WhatsApp Buffer Overflow Vulnerability Reportedly Exploited In The Wild

A new WhatsApp vulnerability has attracted the attention of the press and security professionals around the world. Zimperium zLabs will be creating a

Read More

April 23, 2019

You’ve Just Won $1,000! Lucky You!

We’ve all seen them. They are annoying; can be abusive and sometimes malicious. It goes something like this: You’re navigating a web page to read an

Read More

March 8, 2019

Zimperium Webinar Series: Seven Deadly (Mobile Security) Sins… According to CISOs

Zimperium, a global leader in enterprise mobile threat defense (MTD) and a leading provider of real-time, on-device protection against known and unknown

Read More

February 28, 2019

Machine Learning vs Signatures, Round N: Once Again, Zimperium Detects Malware No One Else Does

Analysis & Post By: Alex Calleja (@alximw) Matteo Favaro (@fvrmatteo)     Advertising and click fraud campaigns are one of the most common

Read More