How to Protect Yourself from NSO's Pegasus Spyware

Even five years after Lookout and Citizen Lab discovered it, advanced mobile spyware Pegasus remains highly relevant.

Lookout Obtains FedRAMP JAB P-ATO for SASE: What It Means for You

As the federal government continues to emphasize the importance of Zero Trust, Lookout has achieved a major milestone to aid in those efforts.

Energy Industry Faced with 161% Surge in Mobile Phishing

To help the energy industry react to evolving cyber threats, Lookout today published the 2021 Lookout Energy Industry Threat Report.

Rooting Malware Makes Comeback: Lookout Discovers Global Campaign

Security researchers at the Lookout Threat Labs have identified a new rooting malware distributed on Google Play, the Amazon Appstore and the Samsung Galaxy Store.

Malware as a Service Meets Mobile Phishing: A Dangerous Combo

This campaign is the latest example of how attacks are leveraging various mobile-targeting methods to maximize their return.

When Legit Apps Turn Malicious. Hint: It Happens Often

A popular Android app Barcode Scanner was recently found to be infected with adware. After an update in late 2020, it started pushing advertising to users without warning.

Top Three Threats Facing US Government Employees Amid Telework

All levels of government are increasingly exposed to credential-harvesting mobile attacks as well as risks from adware and outdated operating systems.

Confucius APT Android Spyware Linked to India-Pakistan Conflict

The Lookout Threat Intelligence team has discovered two novel Android surveillanceware – Hornbill and SunBird.

New Spyware Used by Sextortionists | iOS/Android Blackmail

The Lookout Threat Intelligence team has discovered a new mobile app threat targeting iOS and Android users in Chinese speaking countries, Korea and Japan.

Multiyear Surveillance Campaigns Discovered Targeting Uyghurs

The Lookout Threat Intelligence team has discovered four Android surveillanceware tools used as part of a much larger mAPT (mobile advanced persistent threat).

Nation-state Mobile Malware Targets Syrians with COVID-19 Lures

Lookout researchers have uncovered a long-running surveillance campaign tied to Syrian nation-state actors.

Lookout Partners With Google To Protect Users From App Risk

With this partnership, Lookout can stop malicious apps before they become a threat by scanning apps submitted to the Google Play Store before they are available for download.

New Surveillanceware Developed by Russian Defence Contractor

Monokle is a new and sophisticated set of custom Android surveillanceware tools developed by the Russia-based company, Special Technology Centre, Ltd.

Adware "BeiTaAd" Found Hidden in Popular Applications

BeiTaAd is a well-obfuscated advertising plug-in hidden within a number of popular applications in Google Play. Discover more about this mobile threat.

The mAPT Has Arrived

Mobile has emerged as a key component of the Advanced Persistent Threat arsenal and is the ideal weapon for cyber espionage.

Tropic Trooper Goes Mobile With Titan Surveillanceware

Learn about Titan, a family of sophisticated Android surveillanceware apps surfaced by Lookout's automated analysis that is linked to the same actors behind Tropic Trooper.

FrozenCell: Multi-Platform Surveillance Against Palestinians

Lookout researchers have discovered a new mobile surveillanceware family, FrozenCell. The threat is likely targeting employees of various Palestinian agencies and facilities.

XRAT Malware Tied to "Xsser/MRAT" Surveillance

Lookout have identified a mobile trojan called xRAT with extensive data collection functionality and the ability to remotely run a suicide function to avoid detection.

3 Insights From the Gartner Hype Cycle for Mobile Security 2017

Gartner recently released its July 2017 Hype Cycle for Mobile Security 2017, confirming that mobile threat defense (MTD) has matured as a key enterprise security technology.

Data Compromise via Mobile Threats: Enterprises Facing Attacks

Mobile threats are more complex than a piece of malware in a third-party app store. In this blog post we dissect the “threats” component of the Mobile Risk Matrix.

ViperRat - Mobile APT Targeting Israeli Defense Force

Using data collected from the Lookout global sensor network, the Lookout research team was able to gain unique visibility into the ViperRAT malware.

Security Alert: Apple Just Patched Trident in Macs, Too

Lookout and our partners discovered another detail: three software holes were present in Apple’s Mac computers.

The New NotCompatible | Threat to Enterprise Networks

Over the past two years, Lookout has tracked the evolution of NotCompatible, which has set a new bar for mobile malware sophistication and operational complexity.

Just the Facts: Xsser mRAT iOS Malware

There has been a lot of alarm about Xsser mRAT, the iOS and while there might be some cause for concern, we wanted lay out the facts as we see them.

Heartbleed + Android: A Not-So Love Story

We gathered information from our Heartbleed Detector app, which will tell you if your Android device is affected by the Heartbleed vulnerability.

Heartbleed: A Note from Lookout

The issue is called Heartbleed, a critical bug in “OpenSSL” -- software which roughly two thirds of the Internet uses to keep connections secure.

Understanding Mobile App Risks

As organizations embrace smartphones and tablets in the workplace as a primary way for their workers to access data. But with greater flexibility comes greater risks.

The Mobile Enterprise: Where the Risk Is Bigger Than Malware and Phishing

In this data-based report, you'll benefit from a comprehensive overview of the real-world risk landscape facing businesses like yours.

Monokle Technical Report

What is Monokle, and why can it possess remote access trojan (RAT) functionality? Discover more with Lookout & the landscape of mobile threat intelligence.

Pegasus for iOS Technical Report

Pegasus is highly advanced in its use of zero-days, obfuscation, encryption, and kernel-level exploitation.

Pegasus for Android Technical Report

Chrysaor is the Android variant of the Pegasus surveillanceware. Discover how the threat uses an otherwise well-known rooting technique called Framaroot.

Technical Analysis of Pegasus Whitepaper

Read Lookout's investigation into this highly sophisticated espionage software. The attack takes advantage of how essential mobile devices in our lives.

Sharkbot V2

Threat researchers discovered multiple Google Play listings for dropper apps which installed the infamous mobile banking trojan Sharkbot.

Spyware in the Enterprise

The Lookout Threat Intel team's recent discovery of Hermit, a mobile surveillanceware tool, shows how mobile surveillanceware could adversely affect enterprise organizations

8 iOS & Android CVEs

CISA recently announced several exploitable mobile vulnerabilities that can affect both Android and iOS devices. They vary in severity and can be deployed in several ways.

Alien Banking Trojan

The Alien mobile malware, which is a variant of Cerberus, joins the likes of Eventbot, Cerberus, and Anubis as well-known and highly customizable banking malware.

Predator & Pegasus

This one-page threat guidance provides insight into the newly-discovered Predator spyware, which was discovered alongside Pegasus on two Egyptians' phones.

AbstractEmu: Mobile Rooting Malware

Security researchers at the Lookout Threat Lab have identified a new rooting malware distributed on Google Play, Amazon Appstore and the Samsung Galaxy Store.

Lookout Security Platform Bundles Brochure

Because they now sit at the intersection of your work and personal lives, mobile devices are with you from the moment you wake up to when you go to sleep.

Why Lookout App Defense for Mobile is a Need for Financial Services

As more organization pivot to remote work, learn why proactive mobile embedded app defense is a must-have for financial services.

NSO Group & Pegasus

A data leak of more than 50,000 phone numbers revealed a list of identified persons of interest by clients of NSO, developers of the Pegasus malware, since 2016.

REvil Ransomware Attack on Kaseya

Kaseya recently fell victim to a ransomware attack executed by the REvil group. In all between 800 and 1,500 businesses down the chain were affected by this attack.

BitScam & CloudScam: Crypto Scamming Apps

Lookout Researchers have discovered almost 200 Android apps, including 25 on the Play Store, scamming cryptocurrency investors out of money.

Colonial Pipeline Ransomware Attack

The Colonial Pipeline ransomware attack demonstrated how cybercrime groups exploit diminishing visibility, legacy security systems, and mobile devices to extort money.

Modern Endpoint Protection

Traditional endpoint protection does not protect all of your endpoints, learn how Lookout protects against app, device, and network threats.

Lookout Mobile Endpoint Security

Security on mobile devices is often overlooked, creating a gap in your security architecture. Don't overlook the most used endpoint.


A customizable Malware-as-a-Service banking trojan delivered through any app with messaging capabilities.

Hornbill and Sunbird - Android Surveillanceware/RAT

Android surveilllanceware developed by a pro-India APT tageting Pakistani official.

SolarWinds: Software Supply Chain Attack

Solarwinds showed the effectiveness of a software supply chain attack, an effective tactic for compromising a high volume of devices with a single infected software update.

Protect Your Customers’ With Embedded AppDefense

Secure your cloud collaboration and productivity with full visibility and control.

Goontact: iOS and Android Malware

A blackmail and sextortion campaign targeting individual users on both iOS and Android

AndroidOS/MalLocker.B Ransomware

This is a variant of an existing mobile ransomware with novel techniques and behavior on Android devices.

Mintegral SDK (SourMint)

The advertising SDK by Mintegral used in iOS apps had some risky permissions that could violate end-user privacy.


Updated version of the TikTok Threat Guidance more up-to-date information and reviewed context around the current situation with where this app is sending user data.

Cerberus Distributed Via MDM

This new variant of the banking malware Cerberus has been observed being distributed via a breached MDM.

Syrian Malware Campaign Tied to Coronavirus/COVID-19

There were over 70 Android apps associated with this long-running malware campaign.


LightSpy was the malware behind the Poisoned News watering hole campaign on iOS.


This attackers behind this remote access trojan (RAT) attack used social engineering to target Israeli Defense Force (IDF) soldiers.

Lookout Discovery – Chinese Surveillanceware

Lookout is constantly discovering and researching new threats to protect and advise our customers

Lookout for Personal & Small Business

We secure mobility for the world's largest enterprises, the highest levels of government, hundreds of thousands of small businesses, and tens of millions of individuals.

Mobile Security Made Easy for Small Business

Securing corporate data from these risks shouldn’t be a roadblock for productivity, but rather a set of practices to ensure employees aren’t putting their organizations at risk.

Lookout + Buguroo Partnership Brief

Web and mobile apps have become a key part of everyday life to manage everything from booking travel to handling finances. This rise has also led to more attacks.

Mobile APT Attack on Amazon CEO

Amazon's CEO was targeted by a mobile advanced persistent threat (APT) that enabled the attacker to steal data with a compromised video file sent to the victim via WhatsApp.

Lookout for Small Business + Google G Suite

Enabling secure productivity of your mobile workforces.

Lookout for Small Business + Microsoft Office 365

Small businesses are increasingly relying on Microsoft Office 365 to enable their employees to work how they want and where they want. However, this comes with a big risk.

Lookout App Defense SDK

Smartphone apps have become an integral part of everyday life. Proactively protect your customers’ data and account credentials on mobile with Lookout App Defense.

Lookout for App Defense PSD2 Mobile Banking Regulation

Key security goals set by the Regulatory Technical Standards for PSD2 are the ability to detect malware and provide a security to mitigate risk on user devices.

Lookout Integrations and Alliances Overview

As the leading provider of mobile security, Lookout integrates with tools that help organizations benefit from unified security, visibility, and management of endpoints.

Lookout and Microsoft Partnering To Enable Secure Mobility

Organizations are increasingly adopting mobile management strategies for mobile, but in today’s evolving threat landscape it’s more challenging than ever to stay secure.


ToTok is a very popular chat app used in the Middle East that was discovered to be spying on all its users despite not having any nefarious permissions built into the app.


This malware can deploy second-stage malware payloads which can steal user login information, keylog, deploy ransomware, and bypass MFA with SMS interception.

Lookout Security Intelligence Team Discovery of AzSpy

AzSpy appeared to be part of a commercial Android spy platform, known as FullSpy, with a user login page to monitor infected devices.

Lookout Security Intelligence Team Discovery of ArmaSpy

ArmaSpy was a surveillance family, which appears to have been targeting Iranian users since late 2016 with new samples discovered as recently as mid-2019

Attack Targeting Verizon Corporate Employees

Phishing AI discovered this campaign targeting Verizon employees on mobile devices.

Joker Trojan

Joker is a widely-used trojan that continues to appear in apps on the Google Play Store.

Monokle RTD

Monokle is an advanced and highly-targeted surveillanceware developed by Russian firm STC. It has a number of unique capabilities for stealing data from Android devices

InfectedAds/AgentSmith RTD

This is a family of applications that infects programs by adding its own components to a target Android Package (APK) without changing its digital signature.

Lookout Security Intelligence Team's Discovery of BeiTaAd RTD

BeiTaAd is a well-obfuscated advertising plugin that forcibly displayed ads on the user’s lock screen, triggered video and audio advertisements even while the phone is asleep.

eSurvAgent RTD

eSurvAgent is a sophisticated Android surveillanceware agent.

Protect Your Customers’ Data and Account Credentials on Mobile

Mobile apps have become an integral part of everyday life. To win consumer engagement, almost every company is investing in mobile apps to deliver services to customers.

Proactively Protect Your Customers’ Data and Account Credentials on Mobile

Smartphone apps have become an integral part of everyday life. Almost every company is now investing in mobile apps to deliver innovative services to their customers.

Why Purchase Lookout App Defense

Advanced mobile app protection against customer data compromise and fraud.

Dark Caracal Technical Report

Dark Caracal Technical Report Executive Summary & Key Findings

Lookout Threat Advisory

Lookout Threat Advisory taps into the massive dataset from Lookout’s global sensor network to give you actionable intelligence on the latest mobile threats and risks.

The Pegasus Attack: How To Determine if You’re Impacted

Get visual, step-by-step instructions on how to determine if you've been affected by Pegasus.

Mobile Threat Protection

Lookout Mobile Threat Protection is a security solution for your mobile workforce to view and defeat evolving mobile threats.