On March 15th, Zimperium’s zIPS Mobile Threat Protection solution identified a zero-day mobile attack and its zLabs research team immediately reported the exploit to the Android Security Team. The reported attack is delivered via a publicly-available rooting application, KingRoot, using an unpatched local elevation of privilege vulnerability in the kernel reported […]
Triada is now the “umbrella” name for the three mobile Trojan families – Ztorg, Gorpo and Leech – that, as we mentioned before, primarily exploit users of Android 4.4.4 and earlier versions of the mobile OS. In this blog post, the zLabs team presents specifically the findings from our testing […]
By:Zuk Avraham Follow Zuk Avraham (@ihackbanme)Joshua Drake Follow Joshua Drake (@jduck)Nikias Bassen Follow Nikias Bassen (@pimskeks) The last thirty days proven to be yet another exciting time for the mobile security ecosystem. Apple and Google released updates for their respective mobile operating systems that fix several critical issues — including […]
Last week, a new strain of trojan adware was discovered, bearing automatic device-rooting capabilities that make it almost impossible to remove from affected Android devices. This malware, dubbed Shuanet is another example of increasing sophistication in mobile threats. Shuanet is the third family in a trilogy of recently discovered malicious […]
By:Nikias Bassen Follow Nikias Bassen (@pimskeks) An enterprise security vendor, Palo Alto Networks, followed up on a threat discovered by Cheetah Mobile and Qihoo360, and identified a malware spreading through social media and other channels. This malware, named YiSpecter, is abusing enterprise code signing to trick the user into installing […]
Earlier this week, Zimperium (@ZIMPERIUM), the leader in mobile threat protection, unveiled a major vulnerability in Android – Stagefright. Joshua Drake (@jduck), VP of Platform Research and Exploitation and a senior member of Zimperium zLabs, proactively studied the code. According to a few firms, other people have identified vulnerabilities in […]
A potential security risk has been discovered on a large number of Android Smartphones as discovered by Nowsecure. Some of the latest devices, such as Samsung Galaxy S6, and Galaxy S5, come pre-loaded with a third-party keyboard app, SwiftKey, which fetches an update over unsecure and invalidated channel. This allows the […]
EDIT: The following post * was not on a rooted or jailbroken device *. In order to access the plain-text secret-chat database containing the messages, we used our implementation of CVE-2014-3153. The claims that the device is rooted / jailbroken are incorrect and misleading. I will start by quoting CryptoFail […]
Millions of Android users have been impacted recently by malware masquerading as a card game called Durak, an IQ test and a history app. The discovery was made by Avast security researcher, Flip Chytry. The malware contains fake ads that pop-up whenever an unsuspecting user unlocks their device. The ads […]
What Is a Mobile Threat? The sophistication and continuous evolution of advanced threats is a serious problem for modern enterprises. Mobile malware, malicious apps, targeted data-stealing attacks on iOS and Android devices are introducing new challenges for IT security. Like viruses and malware that can infect your PC, there are […]
Receive Zimperium proprietary research notes and vulnerability bulletins in your inbox