iOS 16 Zero-Day

Apple recently released a software update to iOS 16.1 and iPadOS 16 to patch a zero-day kernel vulnerability identified as CVE-2022-42827, which is reportedly being exploited in the wild.
Read Threat Lab

CVE-2022-3075

Google recently released a patch for a new zero-day vulnerability found in the Chromium open-source web browser project, which provides the codebase behind popular web browsers including Google Chrome and Microsoft Edge.
Read Threat Lab

iOS 15.6.1 Zero-Day

Apple released a software update to iOS and iPadOS 15.7 to patch a zero-day kernel vulnerability identified as CVE-2022-32917. Apple is aware of a report that the issue may have been actively exploited in the wild. The vulnerability allows a maliciously crafted application to execute arbitrary code with kernel privileges.
Read Threat Lab

Sharkbot V2

Threat researchers discovered multiple Google Play listings for dropper apps which installed the infamous mobile banking trojan Sharkbot. This Android malware has been used by financially motivated threat actors - targeting both banking apps as well as cryptocurrency apps and exchanges.
Read Threat Lab

iOS 15.6 Vulnerabilities

Apple released a software update to iOS and iPadOS 15.6.1 to patch two zero-day vulnerabilities, CVE-2022-32894 (Kernel) and CVE-2022-32893 (WebKit), which together form a full exploit chain.
Read Threat Lab

iOS 15.5 Vulnerabilities

Apple released a software update to iOS and iPadOS 15.5 to patch over 35 security issues. Lookout identified two particularly critical vulnerabilities that could grant a remote attacker control over the device.
Read Threat Lab

Spyware in the Enterprise

The Lookout Threat Intel team's recent discovery of Hermit, a mobile surveillanceware tool, exemplifies how mobile surveillanceware could adversely affect enterprise organizations - especially as more "lawful intercept" solutions are distributed.
Read Threat Lab

8 iOS & Android CVEs

CISA recently announced several exploitable mobile vulnerabilities affecting both Android and iOS devices. They vary in severity and are exploited through a variety of mechanisms. The most concerning are those that require no user interaction to be triggered.
Read Threat Lab

CVE-2022-1633 – 1641

External researchers recently discovered and disclosed to Google nine vulnerabilities in Google Chrome for Android. The vulnerabilities are tracked as CVE-2022-1633 through CVE-2022-1641 and may be exploited via a maliciously crafted webpage.
Read Threat Lab

CVE-2022-1364

Google's Threat Analysis Group recently discovered and disclosed an exploitable vulnerability in Chromium, which is the codebase that provides the vast majority of code for the Google Chrome browser.
Read Threat Lab

CVE-2022-1096

An anonymous researcher recently discovered and disclosed an exploitable vulnerability in Chromium, the codebase that provides the vast majority of the code for the Google Chrome browser. The vulnerability, identified as CVE-2022-1096, was reported to exist in the V8 JavaScript engine component of Chromium and can be exploited with a maliciously crafted webpage.
Read Threat Lab

CVE-2022-0609

Google recently disclosed an exploitable vulnerability in Chromium, the codebase that provides the vast majority of the code for the Google Chrome browser. The vulnerability, identified as CVE-2022-0609, was reported by members of Google's Threat Analysis Group.
Read Threat Lab

iOS 15.3

Apple released an urgent software update to iOS 15.3 to patch a serious vulnerability in Apple's WebKit browser engine. The vulnerability could enable attackers to execute arbitrary code remotely on the device; its exploitation most closely resembles a universal cross-site scripting (UXSS) attack.
Read Threat Lab

Adobe Acrobat for Android

A critical vulnerability was found in Acrobat Reader for Android that could enable an unauthorized attacker to execute arbitrary code on the user's device.
Read Threat Lab

Alien Banking Trojan

Alien, a variant of the widely used Cerberus mobile banking trojan, joins the likes of EventBot, Cerberus, and Anubis as well-known, highly customizable banking malware that cybercriminals can purchase through a Malware-as-a-Service (MaaS) model.
Read Threat Lab

Threat Guidance: Predator & Pegasus

This one-page threat guidance provides insight into the newly discovered Predator spyware, which was found alongside Pegasus on the phones of two Egyptians.
Read Threat Lab

AbstractEmu

Security researchers at the Lookout Threat Lab have identified a new rooting malware distributed on Google Play and prominent third-party stores such as the Amazon Appstore and the Samsung Galaxy Store.
Read Threat Lab

iOS 15.0.1 Vulnerability

Apple released an urgent software update, iOS 15.0.2, to patch a serious vulnerability in IOMobileFrameBuffer. Apple noted that the vulnerability may have been actively exploited in the wild; it could allow an application to execute code with kernel privileges.
Read Threat Lab

ShellClient RAT

Security researchers recently unveiled a long-standing campaign that was being carried out by a new Iranian threat actor known as MalKamak. The campaign leveraged a previously unknown remote access trojan (RAT) called ShellClient with the end goal of stealing sensitive information about critical assets, organizations' infrastructure, and technology.
Read Threat Lab

iOS 14.8 Update

Apple released an urgent software update, iOS 14.8, to patch a serious vulnerability that attackers were exploiting to deliver the advanced surveillanceware known as Pegasus.
Read Threat Lab

NSO Group & Pegasus

A data leak of more than 50,000 phone numbers revealed a list of persons of interest identified by NSO Group clients since 2016. NSO develops Pegasus, a highly advanced mobile malware that infects iOS and Android devices.
Read Threat Lab

REvil Ransomware Attack on Kaseya

Kaseya recently fell victim to a ransomware attack executed by the REvil group. In all, between 800 and 1,500 businesses downstream in the supply chain were affected by this attack.
Read Threat Lab

BitScam & CloudScam

Lookout Researchers have discovered almost 200 Android apps, including 25 on the Play Store, scamming cryptocurrency investors out of money.
Read Threat Lab

Preinstalled Android Apps

A number of apps that come preinstalled on Samsung Android devices were found to have vulnerabilities that could be exploited on any Samsung device.
Read Threat Lab

EA Games Credentials Leaked via Slack Cookies

Attackers gained access to EA's infrastructure using stolen Slack cookies containing employee credentials and exfiltrated almost 1 TB of data.
Read Threat Lab

Colonial Pipeline Ransomware Attack

Attackers launched a ransomware attack against the Colonial Pipeline that demonstrated how cybercrime groups exploit diminishing visibility, legacy security systems, and mobile devices to successfully extort money from targets.
Read Threat Lab

Pulse Secure VPN

A number of vulnerabilities discovered in the Pulse Secure VPN are being actively exploited by threat actors, who can bypass authentication to install malware in enterprise infrastructure.
Read Threat Lab

Flubot Smishing

Attackers are using phone numbers leaked from Facebook to socially engineer mobile users into downloading malicious apps carrying the FluBot banking trojan.
Read Threat Lab

BancaMarStealer

A customizable Malware-as-a-Service banking trojan delivered through any app with messaging capabilities.
Read Threat Lab

iOS WebKit Vulnerabilities

Apple released an urgent software update to iOS 14.4 to patch a serious vulnerability in Apple's WebKit browser engine. A successful exploit could allow a malicious website to perform arbitrary cross-site scripting on the device.
Read Threat Lab

Mobile Phishing Attacks on Australian Government

Australian government officials were targeted by a mobile phishing campaign through Telegram and WhatsApp. Threat actors gained access to victims' address book and could send messages on their behalf.
Read Threat Lab

Office 365 Account Takeovers

The expanded remote workforce has increased organizations’ threat surface in the cloud. This has resulted in a surge of remote attacks and breaches on Microsoft Office 365 collaboration services.
Read Threat Lab

Hornbill & Sunbird

Android surveillanceware developed by a pro-India APT targeting Pakistani officials.
Read Threat Lab

SolarWinds

The SolarWinds incident exemplified the effectiveness of a software supply chain attack, which can compromise a high volume of devices with a single trojanized software update.
Read Threat Lab

Goontact

A blackmail and sextortion campaign targeting individual users on both iOS and Android.
Read Threat Lab

Chrome for Android

This vulnerability affects Chrome for Android v86.0.4240.185 and below. On successful exploitation, the attacker gains access to any capability the browser has.
Read Threat Lab

AndroidOS/MalLocker.B

This is a variant of an existing mobile ransomware with novel techniques and behavior on Android devices.
Read Threat Lab

Firefox for Android

This vulnerability in Firefox for Android was discovered in the app's handling of the SSDP protocol and could allow an attacker to trigger actions on a victim's device when both are connected to the same Wi-Fi network.
Read Threat Lab

Instagram for Android

This vulnerability in Instagram for Android app versions prior to 120.0.0.26.128 could allow attackers to take control of Instagram's functionality and permissions.
Read Threat Lab

Mintegral SDK (SourMint)

The Mintegral advertising SDK used in iOS apps exhibited risky behavior that could violate end-user privacy.
Read Threat Lab

Twitter Phone Spear Phishing

This Twitter phone spear phishing attack compromised the accounts of influential individuals and exemplifies the effectiveness of voice phishing, also known as vishing.
Read Threat Lab

TikTok PRO

Right after India banned TikTok, a malicious app called TikTok PRO circulated in the country through email and social media.
Read Threat Lab

SilkBean Technical Report

A full technical report breaking down a Chinese surveillanceware campaign targeting the Uyghur ethnic minority group.
Read Threat Lab

SilkBean

SilkBean is one of many malware families discovered in this long-running mobile APT surveillance campaign.
Read Threat Lab

unc0ver

Unc0ver is a widely used jailbreak that has been present in the market for some time, and more recently started taking advantage of an iOS kernel vulnerability discovered in 2019.
Read Threat Lab

Cerberus

This new variant of the banking malware Cerberus has been observed being distributed via a breached MDM.
Read Threat Lab

iOS Mail

A vulnerability in the native iOS Mail app allowed an attacker to carry out a zero-click or one-click attack.
Read Threat Lab

Syrian Malware

There were over 70 Android apps associated with this long-running malware campaign.
Read Threat Lab

LightSpy

LightSpy was the malware behind the Poisoned News watering hole campaign on iOS.
Read Threat Lab

Voatz App

The Voatz mobile voting app, which was supposedly hardened by a third-party security SDK, was found to have many flaws in its security.
Read Threat Lab

ReboundRAT

The attackers behind this remote access trojan (RAT) campaign used social engineering to target Israel Defense Forces (IDF) soldiers.
Read Threat Lab

iOS 14.3

Apple announced three exploitable vulnerabilities in iOS 14.3. Two of them were in WebKit, while the third was in the device kernel.
Read Threat Lab

Mobile APT

Amazon's CEO was targeted by a mobile advanced persistent threat (APT) that enabled the attacker to exfiltrate data with a compromised video file sent to the victim via WhatsApp.
Read Threat Lab

ToTok

ToTok is a very popular chat app used in the Middle East that was discovered to be spying on all of its users despite not requesting any suspicious permissions.
Read Threat Lab

xHelper

This malware can deploy second-stage malware payloads with dangerous capabilities such as stealing user login information, keylogging, deploying ransomware, and bypassing MFA with SMS interception.
Read Threat Lab

AzSpy

AzSpy appeared to be part of a commercial Android spy platform, known as FullSpy, with a user login page to monitor infected devices.
Read Threat Lab

UN & NGO Phishing

This campaign targeted non-governmental organizations around the world, including but not limited to UN and humanitarian organizations.
Read Threat Lab

ArmaSpy

ArmaSpy is a surveillanceware family that appears to have been targeting Iranian users since late 2016, with new samples discovered as recently as mid-2019.
Read Threat Lab

Phishing Targeting Verizon Employees

Phishing AI discovered this campaign targeting Verizon employees on mobile devices.
Read Threat Lab

SimJacker

SimJacker is a vulnerability in the SIM cards used in certain iOS and Android devices that is triggered via a specially crafted SMS message sent to the target device.
Read Threat Lab

Joker

Joker is a widely-used trojan that continues to appear in apps on the Google Play Store.
Read Threat Lab

Monokle

Monokle is an advanced and highly targeted surveillanceware developed by the Russian firm STC. It has a number of unique capabilities for infecting and stealing data from Android devices.
Read Threat Lab

Monokle Technical Report

A full technical report breaking down a sophisticated mobile malware campaign developed by STC, a Russian military contractor that interfered with the 2016 US presidential election.
Read Threat Lab

InfectedAds/AgentSmith

This is a family of applications that infects programs by adding its own components to a target Android Package (APK) without changing its digital signature.
Read Threat Lab

BeiTaAd

BeiTaAd was a well-obfuscated advertising plugin that forcibly displayed ads on the user's lock screen and triggered video and audio advertisements even while the phone was asleep.
Read Threat Lab

Phishing Targeting AT&T Employees

Phishing AI discovered this campaign targeting AT&T employees on mobile devices.
Read Threat Lab

eSurvAgent

eSurvAgent is a sophisticated Android surveillanceware agent.
Read Threat Lab
