No items found.

iOS 16.1.1 and 16.1.2

Apple recently released two software updates with security fixes: iOS 16.1.2 and iOS 16.2.

Chrome 9th Zero Day | CVE-2022-4262

Google released an emergency patch for a new zero-day vulnerability tracked as CVE-2022-4262. The CVE is found in the V8 Javascript engine of Chromium

ChromeHeap | CVE-2022-4135

Google patched a new zero-day found in the GPU component of the Chromium open-source web browser causing a heap buffer overflow.

Samsung Devices | CVE-2021-25337/369/370

Google TAG under Project Zero revealed an active kill chain that exploits vulnerabilities in Samsung devices.

Chrome Zero Day | CVE-2022-3723

Google recently released a patch for a new zero-day vulnerability found in the Chromium open-source web browser project, which provides the codebase behind popular web browser

iOS 16 Zero Day

"Apple recently released a software update to iOS 16.1 and iPadOS 16 to patch a zero-day kernel vulnerability identified as CVE-2022- 42827"


Google released a patch for a new zero-day vulnerability found in the Chromium open-source web browser project, which provides the codebase behind some popular web browsers.

iOS 15.6.1 Zero-Day

Apple released a software update to iOS and iPadOS 15.6.1 to patch a zero-day kernel vulnerability identified as CVE-2022-32917.

Sharkbot V2

Threat researchers discovered multiple Google Play listings for dropper apps which installed the infamous mobile banking trojan Sharkbot.

iOS 15.6 Vulnerabilities

Apple released a software update to iOS and iPadOS 15.6 to patch two core zero-day vulnerabilities, CVE-2022-32894 (Kernel) and CVE-2022-32893 (Webkit).

iOS 15.5 Vulnerabilities

Apple released a software update to iOS and iPadOS 15.5 to patch 35 issues, including two critical vulnerabilities identified by Lookout which grant control of the device.

Spyware in the Enterprise

The Lookout Threat Intel team's recent discovery of Hermit, a mobile surveillanceware tool, shows how mobile surveillanceware could adversely affect enterprise organizations

8 iOS & Android CVEs

CISA recently announced several exploitable mobile vulnerabilities that can affect both Android and iOS devices. They vary in severity and can be deployed in several ways.

CVE-2022-1633 – 1641

Researchers recently discovered and disclosed to Google nine vulnerabilities in Google Chrome for Android. The vulnerabilities are CVE-2022-1633 through CVE-2022-1641.


Google's Threat Analysis Group recently discovered and disclosed an exploitable vulnerability in Chromium, which is identified as CVE-2022-1364.


A researcher recently discovered and disclosed an exploitable vulnerability in Chromium, which is identified as CVE-2022-1096 in the V8 Javascript Engine component.


Google recently discovered and disclosed an exploitable vulnerability in Chromium, which is identified as CVE-2022-0609.

iOS 15.3 Vulnerabilities

Apple released an urgent software update to iOS 15.3 to patch a vulnerability in Apple’s WebKit browser engine, which enabled attackers to execute arbitrary code remotely.

Adobe Acrobat for Android

There has been a critical vulnerability in Acrobat Reader for Android devices that could enable an unauthorized user to execute arbitrary code executing on the user’s device.

Alien Banking Trojan

The Alien mobile malware, which is a variant of Cerberus, joins the likes of Eventbot, Cerberus, and Anubis as well-known and highly customizable banking malware.

Predator & Pegasus

This one-page threat guidance provides insight into the newly-discovered Predator spyware, which was discovered alongside Pegasus on two Egyptians' phones.

AbstractEmu: Mobile Rooting Malware

Security researchers at the Lookout Threat Lab have identified a new rooting malware distributed on Google Play, Amazon Appstore and the Samsung Galaxy Store.

iOS 15.0.1 Vulnerabilities

Apple released an urgent software update for iOS 15.0.1, in response to the latest zero-day vulnerability in the IOMobileFrameBuffer.

ShellClient RAT

Security researchers recently unveiled a long-standing campaign that was being carried out by a new Iranian threat actor known as MalKamak.

iOS 14.8 Vulnerabilities

Apple released an urgent software update for iOS 14.7 to patch a vulnerability that was found to be exploitable by attackers using the surveillanceware known as Pegasus.

NSO Group & Pegasus

A data leak of more than 50,000 phone numbers revealed a list of identified persons of interest by clients of NSO, developers of the Pegasus malware, since 2016.

REvil Ransomware Attack on Kaseya

Kaseya recently fell victim to a ransomware attack executed by the REvil group. In all between 800 and 1,500 businesses down the chain were affected by this attack.

BitScam & CloudScam: Crypto Scamming Apps

Lookout Researchers have discovered almost 200 Android apps, including 25 on the Play Store, scamming cryptocurrency investors out of money.

EA Games Credentials Leaked via Slack Cookies

Attackers were able to gain access to EA's infrastructure with employee credentials in cookies from Slack and exfiltrate almost 1TB of data.

Preinstalled Android Apps

A number of apps that come preinstalled on Android devices were found to have vulnerabilities that could be exploited on any Samsung device.

Colonial Pipeline Ransomware Attack

The Colonial Pipeline ransomware attack demonstrated how cybercrime groups exploit diminishing visibility, legacy security systems, and mobile devices to extort money.

Pulse Secure VPN

Several vulnerabilities discovered in the Pulse Secure VPN are being exploited by threat actors to bypass authentication and install malware in enterprise infrastructure.

Flubot Smishing

Attackers are using phone numbers leaked from Facebook to socially engineer mobile users into downloading malicious apps infected with the FluBot banking trojan


A customizable Malware-as-a-Service banking trojan delivered through any app with messaging capabilities.

iOS WebKit Vulnerabilities

Apple released an urgent software update to iOS 14.4 to patch a vulnerability in Apple’s WebKit browser engine, which enabled attackers to perform arbitrary cross-scripting.

Mobile Phishing Attacks on Australian Government

Australian government officials were targeted by a mobile phishing campaign through Telegram and WhatsApp, where attackers could send messages on their behalf.

Office 365 Account Takeovers

The expanded remote workforce has increased organizations’ threat surface in the cloud, which resulted in a surge of attacks and breaches on Microsoft Office 365 services.

Hornbill and Sunbird - Android Surveillanceware/RAT

Android surveilllanceware developed by a pro-India APT tageting Pakistani official.

SolarWinds: Software Supply Chain Attack

Solarwinds showed the effectiveness of a software supply chain attack, an effective tactic for compromising a high volume of devices with a single infected software update.

Goontact: iOS and Android Malware

A blackmail and sextortion campaign targeting individual users on both iOS and Android

Chrome for Android Vulnerabilities

This vulnerability affects Chrome for Android v86.0.4240.185 and below. In the event of a successful exploit, the actor could access any capability that the browser has.

AndroidOS/MalLocker.B Ransomware

This is a variant of an existing mobile ransomware with novel techniques and behavior on Android devices.

Firefox for Android Vulnerabilities

Vulnerability in Firefox for Android, found in the app's SSDP protocols, allows an attacker to trigger actions on a victim’s device if connected to the same Wi-Fi network.

Instagram for Android Vulnerabilities

This vulnerability in Instagram for Android app versions prior to could allow attackers to take control of Instagram's functionality and permissions.

Mintegral SDK (SourMint)

The advertising SDK by Mintegral used in iOS apps had some risky permissions that could violate end-user privacy.

Twitter Phone Spear Phishing

This Twitter phone spear phishing attack compromised the accounts of influential individuals and exemplifies the effectiveness of voice phishing, also known as vishing.

TikTok Pro

Right after India banned TikTok, a malicious app called TikTok PRO circulated the country through email and social media.


Updated version of the TikTok Threat Guidance more up-to-date information and reviewed context around the current situation with where this app is sending user data.

Chinese Surveillanceware

The Lookout Threat Intelligence team discovered four Android surveillanceware tools used to target the Uyghur ethnic minority group.

unc0ver Jailbreak

Unc0ver is a widely used jailbreak present in the market for some time, and more recently started taking advantage of an iOS kernel vulnerability discovered in 2019.

Cerberus Distributed Via MDM

This new variant of the banking malware Cerberus has been observed being distributed via a breached MDM.

iOS Mail Vulnerabilities

A vulnerability in the native iOS Mail app allowed an attacker to execute an attack with zero or one-click.

Syrian Malware Campaign Tied to Coronavirus/COVID-19

There were over 70 Android apps associated with this long-running malware campaign.


LightSpy was the malware behind the Poisoned News watering hole campaign on iOS.

Voatz App (App Defense)

The Voatz vulnerability, discovered by researchers at MIT, could allow hackers to see someone’s vote or even change their vote.


This attackers behind this remote access trojan (RAT) attack used social engineering to target Israeli Defense Force (IDF) soldiers.

iOS 14.3 Vulnerabilities

Apple announced three exploitable vulnerabilities in iOS 14.3. Two of them were tied to the Apple WebKit, while the third was a vulnerability of the device kernel.

Mobile APT Attack on Amazon CEO

Amazon's CEO was targeted by a mobile advanced persistent threat (APT) that enabled the attacker to steal data with a compromised video file sent to the victim via WhatsApp.


ToTok is a very popular chat app used in the Middle East that was discovered to be spying on all its users despite not having any nefarious permissions built into the app.


This malware can deploy second-stage malware payloads which can steal user login information, keylog, deploy ransomware, and bypass MFA with SMS interception.

Lookout Security Intelligence Team Discovery of AzSpy

AzSpy appeared to be part of a commercial Android spy platform, known as FullSpy, with a user login page to monitor infected devices.

Attack Targeting UN and NGOs

This campaign targeted non-governmental organizations around the world, including but not limited to UN and humanitarian organizations.

Lookout Security Intelligence Team Discovery of ArmaSpy

ArmaSpy was a surveillance family, which appears to have been targeting Iranian users since late 2016 with new samples discovered as recently as mid-2019

Attack Targeting Verizon Corporate Employees

Phishing AI discovered this campaign targeting Verizon employees on mobile devices.

Joker Trojan

Joker is a widely-used trojan that continues to appear in apps on the Google Play Store.


SimJacker is a vulnerability in the SIM card of certain iOS and Android devices that is executed via a specially crafted SMS message sent to the target device.

Monokle RTD

Monokle is an advanced and highly-targeted surveillanceware developed by Russian firm STC. It has a number of unique capabilities for stealing data from Android devices

InfectedAds/AgentSmith RTD

This is a family of applications that infects programs by adding its own components to a target Android Package (APK) without changing its digital signature.

Fake Government Sites Targeting SMBs

Phishing AI's discovery of a campaign impersonating local County/State government sites in order to steal PII of business owners

Mobile-Only Canadian Banking Campaign

Phishing AI's early discovery of a mobile-only phishing campaign targeting Canadian banking customer

Lookout Security Intelligence Team's Discovery of BeiTaAd RTD

BeiTaAd is a well-obfuscated advertising plugin that forcibly displayed ads on the user’s lock screen, triggered video and audio advertisements even while the phone is asleep.

Attack Targeting AT&T Corporate Employees

Phishing AI discovered this campaign targeting AT&T employees on mobile devices.

eSurvAgent RTD

eSurvAgent is a sophisticated Android surveillanceware agent.