Threat Intelligence

Throughout 2022, threat actors have been masquerading as the postal service Singapore Post (SingPost) and one of Singapore’s leading telecommunications companies Singtel.

Researchers at Lookout Threat Lab have discovered close to 300 mobile loan applications on Google Play and the Apple App Store that exhibit predatory behavior.

Researchers from Lookout Threat Lab have uncovered two new surveillance campaigns, BadBazaar and MOONSHINE, targeting Uyghurs in the People’s Republic of China and abroad.

Even five years after Lookout and Citizen Lab discovered it, advanced mobile spyware Pegasus remains highly relevant.

Lookout Threat Lab researchers have uncovered enterprise-grade Android surveillanceware used by the government of Kazakhstan within its borders.

This Pfizer IP leak exemplifies a rather mundane problem that has been amplified by cloud connectivity: data leakage.

Lookout researchers discovered a distribution of the Anubis banking malware masquerading as the official management app from the telecommunications company, Orange S.A..

Lookout researchers have discovered a novel distribution of the Anubis Android banking malware masquerading as telecommunications company, Orange S.A.

Lookout Threat Lab researchers looking into phishing campaign that has actively targeted families of United States military personnel. Details inside.

We discuss the opportunities and challenges mobile and cloud technologies have created with Art Ashmann, Staff EUC Solutions Engineer at VMware.

Security researchers at the Lookout Threat Labs have identified a new rooting malware distributed on Google Play, the Amazon Appstore and the Samsung Galaxy Store.

Security researchers at the Lookout Threat Lab have identified over 170 Android apps, including 26 on Google Play, scamming people interested in cryptocurrencies.

FluBot is a cheap but highly customizable baking trojan. SMS phishing takes advantage of the trust we put on our mobile devices.

The exponential growth in success illustrates the fact that the tech industry is determined to reverse the diversity trend and encourage more women to join the field.

A popular Android app Barcode Scanner was recently found to be infected with adware. After an update in late 2020, it started pushing advertising to users without warning.

As a member of the Lookout threat intelligence team, I’m often asked: “how do I break into the cybersecurity and IT industry?” I discuss this and more with Victoria Mosby.

The Lookout Threat Intelligence team has discovered two novel Android surveillanceware – Hornbill and SunBird.

The main theme I want to get across here is that data privacy is essential, especially as we continue to rely on our mobile devices for personal and...

On 12/17/2020, CISA put out an alert about an advanced persistent threat (APT) that compromised a number of U.S. government agencies, tech companies and public facilities.

Here are five predictions about how we anticipate individuals and organizations will be forced to confront the threats targeting their information, privacy and devices.

The Lookout Threat Intelligence team has discovered a new mobile app threat targeting iOS and Android users in Chinese speaking countries, Korea and Japan.

The Lookout Threat Intelligence team has discovered four Android surveillanceware tools used as part of a much larger mAPT (mobile advanced persistent threat).

Lookout researchers have uncovered a long-running surveillance campaign tied to Syrian nation-state actors.

Are cybercriminals and scammer's taking advantage of increased communication around COVID-19? Discovery shows new surveillanceware exploits the pandemic.

Lookout Phishing AI discovered a phishing campaign targeting customers via SMS messaging to lure them to fake websites of well-known Canadian and American banks.

We sat down with our Head of Threat Intelligence, Christoph Hebeisen, to learn what it means to be a security researcher in a world of constantly evolving threats.

Lookout Phishing AI has detected a mobile-aware phishing campaign targeting non-governmental organizations around the world, including UNICEF.

In anticipation of the Day of Shecurity San Francisco, happening on October 11, we sat down with a few of our security intelligence engineers.

Based on millions of iOS users that have installed Lookout and Lookout for Work apps, more than 80% of iPhones are vulnerable.

Monokle is a new and sophisticated set of custom Android surveillanceware tools developed by the Russia-based company, Special Technology Centre, Ltd.

BeiTaAd is a well-obfuscated advertising plug-in hidden within a number of popular applications in Google Play. Discover more about this mobile threat.

Lookout Phishing AI has detected a campaign impersonating local government websites, including the City of San Mateo, City of Tampa, and Dallas County.

Stories like Pegasus and Dark Caracal’s Pallas are memorable because they tell a story of severe privacy threat with profound impact on victims’ lives.

Lookout researchers have been tracking Android and iOS surveillanceware, that can exfiltrate contacts, recordings, photos, & more. Discover what was found.

Based on attacker communications found on a command and control server, this talk provides rare insight into a nation state’s $23 million surveillance program.

Lookout researchers have disabled DressCode, an Android malware family, with their click fraud business model and malware designed to evade detection in novel ways.

As reported in the media, Lookout has discovered a customer phishing kit targeted at the Democratic National Committee (DNC) via a third-party technology provider NGP VAN.

Lookout Security Intelligence has discovered Android and iOS surveillanceware tools targeting govt. officials, diplomats, military personnel, and activists.

Lookout researchers discovered samples belonging to the ViperRAT malware family, a known mobile advanced persistent threat (mAPT), in the Google Play Store.

Lookout researchers have identified a new, highly targeted surveillanceware family known as Desert Scorpion in the Google Play Store.

BancaMarStealer, also known as Marcher, is a malware family designed to phish a victim's banking (or other service) credentials.

Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor running a global espionage campaign.

Lookout has discovered new variants of the SpyWaller surveillanceware with advanced espionage capabilities.

When done correctly, ML helps organizations defend against new, novel, and increasingly sophisticated mobile threats.

Lookout has identified three apps disguised as bitcoin wallet apps, previously in the Google Play Store, that trick victims into sending payments to bitcoin addresses.

Learn about Titan, a family of sophisticated Android surveillanceware apps surfaced by Lookout's automated analysis that is linked to the same actors behind Tropic Trooper.

Lookout researchers are monitoring the evolution of an Android surveillanceware family known as JadeRAT, we believe may be connected to a government sponsored APT group.

Mobile device vulnerabilities can have equally devastating consequences, including compliance fines and brand reputation loss.

Here’s a little insight into the fundamentals of ML to help you separate empty claims and buzzwords from real value creation when evaluating cybersecurity solutions.

Lookout researchers have discovered a new mobile surveillanceware family, FrozenCell. The threat is likely targeting employees of various Palestinian agencies and facilities.

Lookout have identified a mobile trojan called xRAT with extensive data collection functionality and the ability to remotely run a suicide function to avoid detection.

The Lookout Security Intelligence team has discovered an advertising software development kit (SDK) called Igexin that had the capability of spying on victims.

Lookout researchers have identified over a thousand spyware apps related to a threat actor likely based in Iraq. Discover more with Lookout today.

Sometimes security research sheds light on the incredible amount of patience and creativity needed to better understand the inner workings of today’s latest technologies.

See this video to learn why enterprises should have visibility into sideloaded apps within their fleet of mobile devices.

The Spectrum of Mobile Risk research report and the Mobile Risk Matrix is designed to help security organizations understand the risks to enterprise data from mobility.

Lookout and Google are releasing research into the Android version of one of the most sophisticated and targeted mobile attacks we’ve seen in the wild: Pegasus.

Apple released an update to iOS (10.3) changing how Mobile Safari handles JavaScript pop-ups after Lookout discovered scammers using the functionality to execute scareware.

Using data collected from the Lookout global sensor network, the Lookout research team was able to gain unique visibility into the ViperRAT malware.

This is not actually a net new malware family, but rather it’s a variant of the family “Ghost Push,” a threat first discovered in 2014.

Today, Lookout released the technical details behind “Trident,” a series of iOS vulnerabilities that allow attackers to jailbreak a user’s device and install spyware.

Two especially critical flaws that allow an attacker to root or completely compromise a device have just been added to the litany of vulns on Android devices.

Through close collaboration with an enterprise customer, Lookout identified Overseer, a piece of spyware we found in four apps live on the Google Play store.

Encryption and VPNs are excellent tools that protect sensitive data in most situations. But, given the extreme sophistication of the Pegasus attack these tools won’t work.

Pegasus is a highly sophisticated piece of spyware that uses three previously unknown vulnerabilities called “Trident.” This is the most sophisticated mobile attack seen.

Lookout and our partners discovered another detail: three software holes were present in Apple’s Mac computers.

Citizen Lab and Lookout have uncovered a threat using three critical iOS zero-day vulnerabilities that form an attack chain that subverts even Apple’s security environment.

Lookout has discovered that an exploit in TCP also impacts nearly 80% of Android, or around 1.4 billion devices, based on an install base reported by Statista.

Apple released the latest version of iOS version 9.3.3 on July 18 including patches for 43 security vulnerabilities.

Pokemon Go, is arguably the biggest mobile game in US history, but while fame breeds fans — even employees in the enterprise — it also attracts many opportunistic attackers.

Shedun is trojanized adware that roots Android devices, masquerading as legitimate apps such as Facebook, Twitter, WhatsApp and Okta’s enterprise single sign-on app.

LevelDropper, an app in the Google Play Store that Lookout determined to be malicious, the latest example of a new and persisting trend in mobile threats: autorooting malware.

In late May 2016, the U.S. Department of Defense (DoD) released an advisory about an Android app called “CAC Scan,” which was found publicly available on Google Play.

Lookout recently identified an app called “Black Jack Free” in the Google Play store, which turned out to be a variant of the malware family Acecard.

Four recently uncovered threats targeting banking apps shine new light on why all apps that handle sensitive data need to be secured from the inside out.

With the help of the Lookout Security Cloud, we confirmed our suspicions that the author(s) behind the Brain Test malware had slipped additional malicious apps to Google Play.

What solitaire app in Google Play’s gaming category is actually a version of the malware family FruitSMS? See what has been done at Lookout.com today.

In addition to rooting a victim’s device, Lookout observed Shedun abusing the Android Accessibility Service for its malicious means.

Recently, news broke about a concerning app called InstaAgent. The app connects to the victim’s Instagram account and steals the user’s login credentials.

See why auto-rooting adware is a worrying development in the Android ecosystem. Discover more information in mobile security with Lookout today.

How did one of the most widely-used, South Korean government-approved "monitoring software" solutions actually leave children's data wide open? Learn more.

ShiftyBug is a piece of Android malware that roots a victim’s device and installs itself as a system application. What are the threats? Are you protected?

Lookout protects you from XcodeGhost by automatically detecting and alerting you to the offending app. See how iOS users are being protected with Lookout.

Researchers recently found a piece of iOS malware called XcodeGhost in a number of apps in the Apple App Store. XcodeGhost is a piece of malware that can steal data

XcodeGhost is the latest example that iOS devices, indeed any device, can be subject to attack and that even a highly-curated app store can contain malicious apps.

After hacking a Tesla over the past year, Kevin Mahaffey came to a simple conclusion: “When you connect a car to the Internet, it is a computer on wheels.”

The recently revealed KeyRaider is yet another proof point that malicious actors are looking to tinker with iOS.

Vehicles are becoming computers on wheels with today's ever-changing auto tech. See why the auto industry must consider cybersecurity more than ever before.

Vehicles are becoming computers on wheels and now have more in common with your laptop than they do the Model T.

Update: We have released a detector app to help you know whether your device is affected. Learn more here. What is Stagefright?

This week, the security world exploded with the news that Hacking Team, a vendor of Italian spyware was hacked.

The accessibility service in Android helps give the disabled and individuals with restricted access to their phones alternative ways to interact with their mobile devices.

What is the FREAK vulnerability? FREAK is the latest in a line of recently uncovered vulnerabilities affecting the way communications are secured over the Internet.

Lookout has found 13 instances, or apps, with adware in Google Play, some of which pretend to be Facebook and have malware-like characteristics.

Today, privacy tools are of increased importance. They help people understand what kind of data they're sharing and can help keep your personal information personal.

DeathRing is a Chinese Trojan that is pre-installed on a number of smartphones most popular in Asian and African countries.

Over the past two years, Lookout has tracked the evolution of NotCompatible, which has set a new bar for mobile malware sophistication and operational complexity.

WireLurker, the iOS malware hitting headlines this morning, is a proof point that malware authors are turning their heads toward the tiny computers living in your pockets.

Android got a security leg-up in today’s roll out of Lollipop, the latest mobile operating system version to come out of Google.

Poodle lets criminals hijack your secured sessions, steal the information needed to pretend to be you, and then act on your behalf.