Currently browsing: Android

RAMpage: The Latest Rowhammer-esque Android Vulnerability

On June 28th, a group of eight academics across three different universities released a research paper outlining a new Android vulnerability called “RAMpage”.  It’s a variation of previous attacks that use the Rowhammer hardware vulnerability to run malicious code by changing what’s stored in a device’s memory (RAM) and has […]

Read more

Threat Advisory: RedDrop

RedDrop is another in the long line of Android spyware apps. The malware has captured attention because of its ability to turn on microphones and exfiltrate sensitive data, but unfortunately that doesn’t make it unique. While there appears to be an elaborate network behind it, RedDrop is simply another Android […]

Read more

Threat Advisory: Skygofree

Skygofree, another in the long line of Android based spyware, is being touted as one of the most advanced targeted surveillance tools ever seen on mobile devices. Skygofree is designed to enable surveillance and full device control by remote attackers. On unprotected mobile devices, Skygofree allows attackers to perform advanced […]

Read more

BankBot & Friends: Phishing Mobile Customers Like You Soon

Back in April of 2017, researchers discovered a new form of Android-targeting malware using fake overlay screens to mimic existing banking apps and steal user credentials. Distributed as benign apps in Google Play, BankBot-infected apps were posing as 20 entertainment and mobile banking apps. This first version of BankBot targeted a small […]

Read more

Clicking Bot Applications

Cyber crime, like any crime, has its motives; each malware has its own malicious profit. Spyware spies on you. Ransomware demands a ransom to decrypt your private digital data. Phishing Malware phishes for your username, password or account numbers. Installation-fraud achieves fake software installations. Ad fraud fraudulently represents online advertisement […]

Read more

Validating Machine Learning Detection of Mobile Malware with Zimperium’s z9

Zimperium’s core machine learning engine, z9, has a proven track record of detecting zero-day exploits. We recently announced an extension of the framework that detects previously unknown mobile malware. This extension is known as “z9 for Mobile Malware”, and was officially announced in September 2017. Internally, the code name has […]

Read more

Fake Snapchat in Google Play Store

Zimperium discovered and reported a fake version of the popular Snapchat app in the official Google Play Store; At the time of our discovery, it was the second result when searching for “Snapchat”. The fake version of Snapchat app is using “Snap Inc .” as Company Name, with a  ” […]

Read more

ZPI: One approach to rule them all

In 1975, a book was published that changed the way we approach complex problems. Inspired on how nature works “Adaptation in Natural and Artificial Systems” set the bases of genetic algorithms. The release date of this blogpost is strongly linked to that book, it is a symbolic tribute to its […]

Read more

Zero Packet Inspection

Introduction In this blogpost I describe the history of z9, our detection engine. I will show its performance over reference data sets commonly used in the machine learning community. I’ll then describe how we apply it to detect networks attacks without any type of packet inspection. Eventually, we encourage you to participate by helping […]

Read more

zIPS and “Android for Work”

zIPS, the leading mobile threat defense solution, now provides tailored protection for Android for Work use cases. Enterprise IT and security professionals have been working with corporate end-users for decades to keep their desktops, laptops and servers secure. So you might think that those professionals would have a lock on […]

Read more