How to Protect Yourself from NSO's Pegasus Spyware

Even five years after Lookout and Citizen Lab discovered it, advanced mobile spyware Pegasus remains highly relevant.


Lookout Obtains FedRAMP JAB P-ATO for SASE: What It Means for You

As the federal government continues to emphasize the importance of Zero Trust, Lookout has achieved a major milestone to aid in those efforts.


Energy Industry Faced with 161% Surge in Mobile Phishing

To help the energy industry react to evolving cyber threats, Lookout today published the 2021 Lookout Energy Industry Threat Report.

Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign

Security researchers at the Lookout Threat Labs have identified a new rooting malware distributed on Google Play, the Amazon Appstore and the Samsung Galaxy Store.

Malware as a Service Meets Mobile Phishing: A Dangerous Combo

This campaign is the latest example of how attacks are leveraging various mobile-targeting methods to maximize their return.


When Legit Apps Turn Malicious. Hint: It Happens Often

A popular Android app Barcode Scanner was recently found to be infected with adware. After an update in late 2020, it started pushing advertising to users without warning.


Top Three Threats Facing US Government Employees Amid Telework

All levels of government are increasingly exposed to credential-harvesting mobile attacks as well as risks from adware and outdated operating systems.


Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict

The Lookout Threat Intelligence team has discovered two novel Android surveillanceware – Hornbill and SunBird.


New Spyware Used by Sextortionists | iOS/Android Blackmail

The Lookout Threat Intelligence team has discovered a new mobile app threat targeting iOS and Android users in Chinese speaking countries, Korea and Japan.

Lookout and AT&T Delivering Advanced Security

AT&T has announced new security features for customers who subscribe to its Unlimited Elite and Extra plans, as well as its Unlimited Business Performance and Elite plans


Multiyear Surveillance Campaigns Discovered Targeting Uyghurs

The Lookout Threat Intelligence team has discovered four Android surveillanceware tools used as part of a much larger mAPT (mobile advanced persistent threat).


Nation-state Mobile Malware Targets Syrians with COVID-19 Lures

Lookout researchers have uncovered a long-running surveillance campaign tied to Syrian nation-state actors.

New Threat - Commercial Surveillanceware Operators Exploit COVID-19

Are cybercriminals and scammer's taking advantage of increased communication around COVID-19? Discovery shows new surveillanceware exploits the pandemic.

Lookout Partners With Google To Protect Users From App Risk

With this partnership, Lookout can stop malicious apps before they become a threat by scanning apps submitted to the Google Play Store before they are available for download.


New Surveillanceware Developed by Russian Defence Contractor

Monokle is a new and sophisticated set of custom Android surveillanceware tools developed by the Russia-based company, Special Technology Centre, Ltd.


Adware "BeiTaAd" Found Hidden in Popular Applications

BeiTaAd is a well-obfuscated advertising plug-in hidden within a number of popular applications in Google Play. Discover more about this mobile threat.

Commercial Spyware Has a New Name: Stalkerware

Stories like Pegasus and Dark Caracal’s Pallas are memorable because they tell a story of severe privacy threat with profound impact on victims’ lives.

Mobile Banking Continues to be Primary Target for Trojan Attacks

Lookout continues to see advanced trojans targeting mobile banking users resulting in customer data compromise and fraudulent transactions.

mAPT ViperRAT Found in Google Play

Lookout researchers discovered samples belonging to the ViperRAT malware family, a known mobile advanced persistent threat (mAPT), in the Google Play Store.

New Surveillanceware in Google Play Targeting Middle East

Lookout researchers have identified a new, highly targeted surveillanceware family known as Desert Scorpion in the Google Play Store.


The mAPT Has Arrived

Mobile has emerged as a key component of the Advanced Persistent Threat arsenal and is the ideal weapon for cyber espionage.


Tropic Trooper Goes Mobile With Titan Surveillanceware

Learn about Titan, a family of sophisticated Android surveillanceware apps surfaced by Lookout's automated analysis that is linked to the same actors behind Tropic Trooper.


FrozenCell: Multi-Platform Surveillance Campaign Against Palestinians

Lookout researchers have discovered a new mobile surveillanceware family, FrozenCell. The threat is likely targeting employees of various Palestinian agencies and facilities.


XRAT Malware Tied to "Xsser/MRAT" Surveillance

Lookout have identified a mobile trojan called xRAT with extensive data collection functionality and the ability to remotely run a suicide function to avoid detection.


3 Insights From the Gartner Hype Cycle for Mobile Security 2017

Gartner recently released its July 2017 Hype Cycle for Mobile Security 2017, confirming that mobile threat defense (MTD) has matured as a key enterprise security technology.


Data Compromise via Mobile Threats: Enterprises Are Facing Attacks

Mobile threats are more complex than a piece of malware in a third-party app store. In this blog post we dissect the “threats” component of the Mobile Risk Matrix.

Mobile Safari Scareware Campaign Thwarted

Apple released an update to iOS (10.3) changing how Mobile Safari handles JavaScript pop-ups after Lookout discovered scammers using the functionality to execute scareware.


ViperRat - Mobile APT Targeting Israeli Defense Force

Using data collected from the Lookout global sensor network, the Lookout research team was able to gain unique visibility into the ViperRAT malware.


Security Alert: Apple Just Patched Trident in Macs, Too

Lookout and our partners discovered another detail: three software holes were present in Apple’s Mac computers.

Can a Phone Be Hacked? Watch Lookout on 60 Minutes

60 Minutes featured Lookout co-founder John Hering and a number of other well-known and respected security researchers demonstrating mobile attacks.


Good News: Lookout Can Protect You From XcodeGhost

Lookout protects you from XcodeGhost by automatically detecting and alerting you to the offending app. See how iOS users are being protected with Lookout.

DeathRing: Pre-Loaded Malware Hits Smartphones

DeathRing is a Chinese Trojan that is pre-installed on a number of smartphones most popular in Asian and African countries.


The New NotCompatible | Threat to Enterprise Networks

Over the past two years, Lookout has tracked the evolution of NotCompatible, which has set a new bar for mobile malware sophistication and operational complexity.


Just the Facts: Xsser mRAT iOS Malware

There has been a lot of alarm about Xsser mRAT, the iOS and while there might be some cause for concern, we wanted lay out the facts as we see them.


Heartbleed + Android: A Not-So Love Story

We gathered information from our Heartbleed Detector app, which will tell you if your Android device is affected by the Heartbleed vulnerability.

MouaBad: When Your Phone Comes Pre-Loaded With Malware

MouaBad is a surreptitious little malware with a number of variants that authors are flashing onto phones’ headed to consumers firmware.


Heartbleed: A Note from Lookout

The issue is called Heartbleed, a critical bug in “OpenSSL” -- software which roughly two thirds of the Internet uses to keep connections secure.

Understanding Mobile App Risks

As organizations embrace smartphones and tablets in the workplace as a primary way for their workers to access data. But with greater flexibility comes greater risks.

The Authoritative Guide to the Top CASB Use Cases

This whitepaper will share insight into the key use cases and overview the benefits that provide a strong return on investment for CASB✛ users.

Protecting Mobile Point of Sale (MPoS) & Financial Apps

Learn how the Lookout App Defense Solution is protecting leading mPOS providers, mobile banking and finance/fintech apps from cyber threats.

The Mobile Enterprise: Where the Risk Is Bigger Than Malware and Phishing

In this data-based report, you'll benefit from a comprehensive overview of the real-world risk landscape facing businesses like yours.

Secure Your Mobile Workforce

Allowing employees to work productively from any device and any location can open users to the risks that come with the shared nature of a mobile device.

Monokle Technical Report

What is Monokle, and why can it possess remote access trojan (RAT) functionality? Discover more with Lookout & the landscape of mobile threat intelligence.

Pegasus for iOS Technical Report

Pegasus is highly advanced in its use of zero-days, obfuscation, encryption, and kernel-level exploitation.

Pegasus for Android Technical Report

Chrysaor is the Android variant of the Pegasus surveillanceware. Discover how the threat uses an otherwise well-known rooting technique called Framaroot.

Technical Analysis of Pegasus Whitepaper

Read Lookout's investigation into this highly sophisticated espionage software. The attack takes advantage of how essential mobile devices in our lives.

Sharkbot V2

Threat researchers discovered multiple Google Play listings for dropper apps which installed the infamous mobile banking trojan Sharkbot.

Spyware in the Enterprise

The Lookout Threat Intel team's recent discovery of Hermit, a mobile surveillanceware tool, shows how mobile surveillanceware could adversely affect enterprise organizations

8 iOS & Android CVEs

CISA recently announced several exploitable mobile vulnerabilities that can affect both Android and iOS devices. They vary in severity and can be deployed in several ways.

How Does Secure Web Gateway Work

Can a Secure Web Gateway help secure my business’ data and workforce? Secure Web Gateway (SWG) protects web surfing users by filtering malware.

Better Preparing the Workforce for Cybersecurity Threats

Phishing attacks are becoming an increasingly common avenue for threat actors to deploy malware and ransomware.

Abstract Emu Threat Report

Researchers at the Lookout Threat Lab have identified a new rooting malware distributed on Google Play, Amazon Appstore and the Samsung Galaxy Store.

Alien Banking Trojan

The Alien mobile malware, which is a variant of Cerberus, joins the likes of Eventbot, Cerberus, and Anubis as well-known and highly customizable banking malware.

Predator & Pegasus

This one-page threat guidance provides insight into the newly-discovered Predator spyware, which was discovered alongside Pegasus on two Egyptians' phones.

AbstractEmu: Mobile Rooting Malware

Security researchers at the Lookout Threat Lab have identified a new rooting malware distributed on Google Play, Amazon Appstore and the Samsung Galaxy Store.

Lookout Security Platform Bundles Brochure

Because they now sit at the intersection of your work and personal lives, mobile devices are with you from the moment you wake up to when you go to sleep.

Why Lookout App Defense for Mobile is a Need for Financial Services

As more organization pivot to remote work, learn why proactive mobile embedded app defense is a must-have for financial services.

U.S. Federal Mobile Threats

Lookout analyzed its mobile security data to provide a view into the current mobile security risks facing US Federal government mobile users.

Know Thy Enemy: What Is Pegasus and What Can You Do?

Veteran of the cybersecurity industry, Joseph Davis of Microsoft, explains how spyware came to be, its implications and how you can protect yourself and your organization

NSO Group & Pegasus

A data leak of more than 50,000 phone numbers revealed a list of identified persons of interest by clients of NSO, developers of the Pegasus malware, since 2016.

REvil Ransomware Attack on Kaseya

Kaseya recently fell victim to a ransomware attack executed by the REvil group. In all between 800 and 1,500 businesses down the chain were affected by this attack.

BitScam & CloudScam: Crypto Scamming Apps

Lookout Researchers have discovered almost 200 Android apps, including 25 on the Play Store, scamming cryptocurrency investors out of money.

Colonial Pipeline Ransomware Attack

The Colonial Pipeline ransomware attack demonstrated how cybercrime groups exploit diminishing visibility, legacy security systems, and mobile devices to extort money.

Lookout Mobile Endpoint Security

Security on mobile devices is often overlooked, creating a gap in your security architecture. Don't overlook the most used endpoint.

Modern Endpoint Protection

Traditional endpoint protection does not protect all of your endpoints, learn how Lookout protects against app, device, and network threats.


A customizable Malware-as-a-Service banking trojan delivered through any app with messaging capabilities.

Hornbill and Sunbird - Android Surveillanceware/RAT

Android surveilllanceware developed by a pro-India APT tageting Pakistani official.

The Supply Chain Reaction: Lessons from SolarWinds

In this episode, Tim LeMaster, Director of Systems Engineering at Lookout, discusses SolarWinds and how a Zero Trust security model can safeguard your infrastructure.

SolarWinds: Software Supply Chain Attack

Solarwinds showed the effectiveness of a software supply chain attack, an effective tactic for compromising a high volume of devices with a single infected software update.

Your App Is Your Business

Embed security into the apps your patients and staff use to protect your practice.

Protect Your Customers’ With Embedded AppDefense

Secure your cloud collaboration and productivity with full visibility and control.

Goontact: iOS and Android Malware

A blackmail and sextortion campaign targeting individual users on both iOS and Android

Mobile Threats Are Evolving. Is Your Security?

The rise in mobile device use has facilitated an increase in mobile security concerns.

AndroidOS/MalLocker.B Ransomware

This is a variant of an existing mobile ransomware with novel techniques and behavior on Android devices.

Mintegral SDK (SourMint)

The advertising SDK by Mintegral used in iOS apps had some risky permissions that could violate end-user privacy.


Updated version of the TikTok Threat Guidance more up-to-date information and reviewed context around the current situation with where this app is sending user data.

Cerberus Distributed Via MDM

This new variant of the banking malware Cerberus has been observed being distributed via a breached MDM.

Syrian Malware Campaign Tied to Coronavirus/COVID-19

There were over 70 Android apps associated with this long-running malware campaign.


LightSpy was the malware behind the Poisoned News watering hole campaign on iOS.


This attackers behind this remote access trojan (RAT) attack used social engineering to target Israeli Defense Force (IDF) soldiers.

Lookout Discovery – Chinese Surveillanceware

Lookout is constantly discovering and researching new threats to protect and advise our customers

Mobile Threats: MalApp

Get visibility into the full spectrum of mobile risk to protect intellectual property and increase productivity.

Mobile Security Made Easy for Small Business

Securing corporate data from these risks shouldn’t be a roadblock for productivity, but rather a set of practices to ensure employees aren’t putting their organizations at risk.

Lookout + Buguroo Partnership Brief

Web and mobile apps have become a key part of everyday life to manage everything from booking travel to handling finances. This rise has also led to more attacks.

Lookout for Personal & Small Business

We secure mobility for the world's largest enterprises, the highest levels of government, hundreds of thousands of small businesses, and tens of millions of individuals.

Post-Perimeter Security for Government

See surprising mobile device trends among federal employees and learn how to implement post-perimeter security at your organization.

Mobile APT Attack on Amazon CEO

Amazon's CEO was targeted by a mobile advanced persistent threat (APT) that enabled the attacker to steal data with a compromised video file sent to the victim via WhatsApp.

Lookout for Small Business + Google G Suite

Enabling secure productivity of your mobile workforces.

Lookout for Small Business + Microsoft Office 365

Small businesses are increasingly relying on Microsoft Office 365 to enable their employees to work how they want and where they want. However, this comes with a big risk.

Don’t Let Mobile Devices Cause the Next Big Heist

Financial services industry employees and customers rely on tablets and smartphones and threat actors are constantly finding ways to exploit them to access cloud infrastructure.

Lookout App Defense SDK

Smartphone apps have become an integral part of everyday life. Proactively protect your customers’ data and account credentials on mobile with Lookout App Defense.

Lookout for App Defense PSD2 Mobile Banking Regulation

Key security goals set by the Regulatory Technical Standards for PSD2 are the ability to detect malware and provide a security to mitigate risk on user devices.

Lookout Integrations and Alliances Overview

As the leading provider of mobile security, Lookout integrates with tools that help organizations benefit from unified security, visibility, and management of endpoints.

Lookout and Microsoft Partnering To Enable Secure Mobility

Organizations are increasingly adopting mobile management strategies for mobile, but in today’s evolving threat landscape it’s more challenging than ever to stay secure.


ToTok is a very popular chat app used in the Middle East that was discovered to be spying on all its users despite not having any nefarious permissions built into the app.


This malware can deploy second-stage malware payloads which can steal user login information, keylog, deploy ransomware, and bypass MFA with SMS interception.

Lookout Security Intelligence Team Discovery of AzSpy

AzSpy appeared to be part of a commercial Android spy platform, known as FullSpy, with a user login page to monitor infected devices.

Lookout Security Intelligence Team Discovery of ArmaSpy

ArmaSpy was a surveillance family, which appears to have been targeting Iranian users since late 2016 with new samples discovered as recently as mid-2019

Attack Targeting Verizon Corporate Employees

Phishing AI discovered this campaign targeting Verizon employees on mobile devices.

Joker Trojan

Joker is a widely-used trojan that continues to appear in apps on the Google Play Store.

Monokle RTD

Monokle is an advanced and highly-targeted surveillanceware developed by Russian firm STC. It has a number of unique capabilities for stealing data from Android devices

InfectedAds/AgentSmith RTD

This is a family of applications that infects programs by adding its own components to a target Android Package (APK) without changing its digital signature.

Lookout Security Intelligence Team's Discovery of BeiTaAd RTD

BeiTaAd is a well-obfuscated advertising plugin that forcibly displayed ads on the user’s lock screen, triggered video and audio advertisements even while the phone is asleep.

eSurvAgent RTD

eSurvAgent is a sophisticated Android surveillanceware agent.

Nation State Mobile Surveillanceware Using Phishing To Con Victims

Lookout Security Intelligence has discovered a set of custom Android and iOS surveillanceware tools we’re respectively calling Stealth Mango and Tangelo.

Proactively Protect Your Customers’ Data and Account Credentials on Mobile

Smartphone apps have become an integral part of everyday life. Almost every company is now investing in mobile apps to deliver innovative services to their customers.

Protect Your Customers’ Data and Account Credentials on Mobile

Mobile apps have become an integral part of everyday life. To win consumer engagement, almost every company is investing in mobile apps to deliver services to customers.

Why Purchase Lookout App Defense

Advanced mobile app protection against customer data compromise and fraud.

Dark Caracal Technical Report

Dark Caracal Technical Report Executive Summary & Key Findings

Lookout Threat Advisory

Lookout Threat Advisory taps into the massive dataset from Lookout’s global sensor network to give you actionable intelligence on the latest mobile threats and risks.

The Pegasus Attack: How To Determine if You’re Impacted

Get visual, step-by-step instructions on how to determine if you've been affected by Pegasus.

Mobile Threat Protection

Lookout Mobile Threat Protection is a security solution for your mobile workforce to view and defeat evolving mobile threats.