Zlabs

August 25, 2025

Hook Version 3: The Banking Trojan with The Most Advanced Capabilities

A full list of Indicators of Compromise (IOCs) for Hook v3 details the advanced Android banking trojan’s use of overlays, phishing, screen-streaming, and GitHub distribution with more than 100 remote commands.

Read More

August 20, 2025

Rapid Response: Zimperium Detects Lazarus Stealer Campaign with Full Coverage and Additional Samples

Zimperium detects and neutralizes Lazarus Stealer, a sophisticated Android banking malware, enhancing mobile defenses with comprehensive threat coverage and additional samples.

Read More

August 14, 2025

Rapid Response: Zimperium’s Full Coverage of PhantomCard NFC-Relay Android Malware

Zimperium uncovers and blocks PhantomCard, a sophisticated NFC-relay Android banking trojan targeting Brazilian users.

Read More

August 13, 2025

The Root(ing) Of All Evil: Security Holes That Could Compromise Your Mobile Device

Learn how vulnerabilities in rooting frameworks like KernelSU can expose your Android device to severe security risks, and discover how Zimperium zLabs helps mitigate these threats.

Read More

August 6, 2025

The Growing Threat of Mobile Infostealers

Discover how advanced mobile infostealers threaten individuals and enterprises, and learn about Zimperium’s proactive detection strategies to safeguard your mobile devices.

Read More

August 4, 2025

Extended Rapid Response: Zimperium Expands Detection of PlayPraetors Android RAT Campaign with Additional Samples and Targets

Zimperium expands detection of PlayPraetors Android RAT campaign—targeting 11K+ devices via fake Play Stores, overlays, and real-time fraud.

Read More

July 30, 2025

Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed

DoubleTrouble Trojan infiltrates mobile devices via Discord, stealing credentials with advanced features like screen capture and keylogging. Zimperium's defenses detect and protect against this evolving threat.

Read More

July 23, 2025

The Dark Side of Romance: SarangTrap Extortion Campaign

A cross-platform malware campaign, SarangTrap, uses fake dating apps to steal sensitive data from mobile users, revealing the dark side of digital romance.

Read More

July 15, 2025

Konfety Returns: Classic Mobile Threat with New Evasion Techniques

New Konfety malware variant uses advanced evasion techniques to target Android devices, complicating detection and analysis for security professionals. Learn about its sophisticated tactics and impacts.

Read More

June 18, 2025

Your Mobile App, Their Playground: The Dark Side of Virtualization

Zimperium zLabs has uncovered a sophisticated evolution of the GodFather banking malware that leverages an advanced on-device virtualization technique to hijack several legitimate applications.

Read More

June 4, 2025

Privilege Escalation: Preventing Mobile Apps from Taking Over on Android

Our blog will revisit some examples of abuses of the Android Accessibility API that some OEM apps and sideloaded apps make use of, we will first provide an overview of such vulnerabilities and then delve into specific real-world cases.

Read More

June 3, 2025

Rapid Response: Zimperium Detects GhostSpy Android RAT

CYFIRMA recently uncovered GhostSpy, a highly stealthy and persistent web-based Android Remote Access Trojan (RAT).

Read More

May 29, 2025

Rapid Response: Zimperium Detects All Reported Samples of Evolving Zanubis Android Banking Trojan

As Zanubis and other banking trojans continue to adapt and become more sophisticated, Zimperium remains committed to delivering advanced, proactive protection to secure mobile users and financial institutions worldwide.

Read More

May 15, 2025

Preventing Malicious Mobile Apps from Taking Over iOS through App Vetting

This blog post explores the importance of app vetting and provides actionable steps to help organizations safeguard their mobile ecosystems.

Read More

April 30, 2025

Your Apps Are Leaking: The Hidden Data Risks on Your Phone, Part 2

In our previous article, we explored how cloud misconfigurations and poor cryptographic practices in mobile apps can expose enterprise data. However, the risks don't stop there. Our research has uncovered equally concerning issues with how mobile apps handle data locally on devices and transmit information to remote servers.

Read More

April 23, 2025

From Lock Screen to Wallets: BTMOB RAT Now Targets Alipay PINs

On February 12, Cyble reported the discovery of a new variant of the BTMOB spyware, named BTMOB RAT v2.5. This malicious software is being distributed through deceptive phishing sites impersonating popular streaming services like iNat TV and fraudulent cryptocurrency mining platforms.

Read More

April 16, 2025

Your Apps are Leaking: The Hidden Data Risks on your Phone, Part 1

Learn about the hidden data risks in mobile apps, focusing on cloud and cryptography vulnerabilities that could expose sensitive information. Discover how to protect your enterprise.

Read More

April 14, 2025

Pragmatic Crocodilus: A New Variant In the Horizon

Following ThreatFabric’s publication on Crocodilus, a sophisticated Android banking trojan, our zLabs team conducted a deeper investigation into its broader ecosystem.

Read More