Currently browsing: Mobile Malware

Reflecting on Recent iOS and Android Security Updates

By:Zuk Avraham Follow Zuk Avraham (@ihackbanme)Joshua Drake Follow Joshua Drake (@jduck)Nikias Bassen Follow Nikias Bassen (@pimskeks) The last thirty days proven to be yet another exciting time for the mobile security ecosystem. Apple and Google released updates for their respective mobile operating systems that fix several critical issues — including […]

Read more

zYiRemoval – Free tool to remove YiSpecter

By:Nikias Bassen Follow Nikias Bassen (@pimskeks) An enterprise security vendor, Palo Alto Networks,  followed up on a threat discovered by Cheetah Mobile and Qihoo360, and identified a malware spreading through social media and other channels. This malware, named YiSpecter, is abusing enterprise code signing to trick the user into installing […]

Read more

How to Protect from StageFright Vulnerability

Earlier this week, Zimperium (@ZIMPERIUM), the leader in mobile threat protection, unveiled a major vulnerability in Android – Stagefright. Joshua Drake (@jduck), VP of Platform Research and Exploitation and a senior member of Zimperium zLabs, proactively studied the code. According to a few firms, other people have identified vulnerabilities in […]

Read more

Zimperium customers are safe from Samsung Keyboard Security Risk

A potential security risk has been discovered on a large number of Android Smartphones as discovered by Nowsecure. Some of the latest devices, such as Samsung Galaxy S6, and Galaxy S5, come pre-loaded with a third-party keyboard app, SwiftKey, which fetches an update over unsecure and invalidated channel. This allows the […]

Read more

Telegram App Store Secret-Chat Messages in Plain-Text Database

EDIT: The following post * was not on a rooted or jailbroken device *. In order to access the plain-text secret-chat database containing the messages, we used our implementation of CVE-2014-3153. The claims that the device is rooted / jailbroken are incorrect and misleading. I will start by quoting CryptoFail […]

Read more

Millions impacted by infected Android Apps

Millions of Android users have been impacted recently by malware masquerading as a card game called Durak, an IQ test and a history app. The discovery was made by Avast security researcher, Flip Chytry. The malware contains fake ads that pop-up whenever an unsuspecting user unlocks their device. The ads […]

Read more

The Real Mobile Threat Landscape

What Is a Mobile Threat? The sophistication and continuous evolution of advanced threats is a serious problem for modern enterprises. Mobile malware, malicious apps, targeted data-stealing attacks on iOS and Android devices are introducing new challenges for IT security. Like viruses and malware that can infect your PC, there are […]

Read more

Nation-state attacks exist on iOS

Yesterday reports surfaced about China potentially using malware targeted at iPhone users to spy on Hong Kong protesters. Is it possible that a nation-state attack on an iOS device would be so bold as to use the words ODAY in its attack? Possibly… But what’s more important here is not […]

Read more

zANTI2 Shellshock Scanner Plugin

Today Zimperium released a new plugin for zANTI2, the “Shellshock Scanner” capable of detecting the Shellshock BASH vulnerability on both a local network IP address or a remote host. Once you select a target, the plugin will send multiple requests to popular CGI scripts to the host IP address. The […]

Read more

Get started with Zimperium today