September 20, 2023
Lookout identified and analyzed an Android application sample of Deblind — a component of the Infamous Chisel Android surveillance tooling.
September 19, 2023
Google released a patch for a new zero-day vulnerability in Chrome tracked as CVE-2023-4863, which CISA also listed in their database.
September 18, 2023
An Android framework privilege escalation vulnerability, was recently discovered being exploited in the wild, and has since been fixed by the 2023-09-01
Lookout researchers discover advanced Android surveillanceware tied to Chinese espionage group APT41 known to target a wide range of public and private sector organizations.
CISA announced 7 actively exploited vulnerabilities recently which were fixed by the vendors over the time.
Triangulation malware is now known to be in use against Kaspersky employees for at least four years.
Researchers at the Lookout Threat Lab have discovered a new Android surveillance tied to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA).
Google Project Zero listed 18 vulnerabilities in Samsung Exynos modems produced by Samsung Semiconductor.
Pinduoduo, a large Chinese online retailer, recently had their app removed from both the Google Play Store and iOS App Store because of malicious activity in their app.
Apple recently released iOS 16.3.1, which includes a number of critical security fixes for vulnerabilities including CVE-2023-23514 and CVE-2023-23529.
Researchers at Lookout have discovered close to 300 mobile loan applications on Google Play and the Apple App Store that exhibit predatory behavior.
Google TAG under Project Zero revealed an active kill chain that exploits vulnerabilities in Samsung devices.
Threat researchers discovered multiple Google Play listings for dropper apps which installed the infamous mobile banking trojan Sharkbot.
Researchers recently discovered and disclosed to Google nine vulnerabilities in Google Chrome for Android. The vulnerabilities are CVE-2022-1633 through CVE-2022-1641.
There has been a critical vulnerability in Acrobat Reader for Android devices that could enable an unauthorized user to execute arbitrary code executing on the user’s device.
Lookout researchers have discovered a novel distribution of the Anubis Android banking malware masquerading as telecommunications company, Orange S.A.
This one-page threat guidance provides insight into the newly-discovered Predator spyware, which was discovered alongside Pegasus on two Egyptians' phones.
Security researchers at Lookout have identified a new rooting malware distributed on Google Play, the Amazon Appstore and the Samsung Galaxy Store.
Dozens of crypto apps in the Play Store have scammed money from over 93,000 individuals
A number of apps that come preinstalled on Android devices were found to have vulnerabilities that could be exploited on any Samsung device.
Novel Android surveillanceware developed by pro-India APT group Confucius targeting Pakistani officials
The Lookout Threat Intelligence team has discovered two novel Android surveillanceware – Hornbill and SunBird.
A blackmail and sextortion campaign targeting individual users on both iOS and Android
The Lookout Threat Intelligence team has discovered a new mobile app threat targeting iOS and Android users in Chinese speaking countries, Korea and Japan.
This vulnerability affects Chrome for Android v86.0.4240.185 and below. In the event of a successful exploit, the actor could access any capability that the browser has.
This is a variant of an existing mobile ransomware with novel techniques and behavior on Android devices.
Vulnerability in Firefox for Android, found in the app's SSDP protocols, allows an attacker to trigger actions on a victim’s device if connected to the same Wi-Fi network.
This vulnerability in Instagram for Android app versions prior to 120.0.0.26.128 could allow attackers to take control of Instagram's functionality and permissions.
The Lookout Threat Intelligence team discovered four Android surveillanceware tools used to target the Uyghur ethnic minority group.
The Lookout Threat Intelligence team has discovered four Android surveillanceware tools used as part of a much larger mAPT (mobile advanced persistent threat).
Lookout conducted an in-depth analysis of the fake TikTok Pro app and has classified it as toll fraud malware.
Are cybercriminals and scammer's taking advantage of increased communication around COVID-19? Discovery shows new surveillanceware exploits the pandemic.
In January 2020, two US military organizations banned TikTok because of communication with servers in China and Russia.
ToTok is a very popular chat app used in the Middle East that was discovered to be spying on all its users despite not having any nefarious permissions built into the app.
Promon, a Lookout partner, reported on Strandhogg, a vulnerability in the Android OS that allows for one app to display an Activity in the UI context of another app.
This malware can deploy second-stage malware payloads which can steal user login information, keylog, deploy ransomware, and bypass MFA with SMS interception.
AzSpy appeared to be part of a commercial Android spy platform, known as FullSpy, with a user login page to monitor infected devices.
Joker is a widely-used trojan that continues to appear in apps on the Google Play Store.
SimJacker is a vulnerability in the SIM card of certain iOS and Android devices that is executed via a specially crafted SMS message sent to the target device.
Monokle is an advanced and highly-targeted surveillanceware developed by Russian firm STC. It has a number of unique capabilities for stealing data from Android devices
This is a family of applications that infects programs by adding its own components to a target Android Package (APK) without changing its digital signature.
BeiTaAd is a well-obfuscated advertising plug-in hidden within a number of popular applications in Google Play. Discover more about this mobile threat.
BeiTaAd is a well-obfuscated advertising plugin that forcibly displayed ads on the user’s lock screen, triggered video and audio advertisements even while the phone is asleep.
eSurvAgent is a sophisticated Android surveillanceware agent.
Lookout researchers have disabled DressCode, an Android malware family, with their click fraud business model and malware designed to evade detection in novel ways.
Lookout Security Intelligence has discovered Android and iOS surveillanceware tools targeting govt. officials, diplomats, military personnel, and activists.
Lookout researchers have identified a new, highly targeted surveillanceware family known as Desert Scorpion in the Google Play Store.
Lookout researchers discovered samples belonging to the ViperRAT malware family, a known mobile advanced persistent threat (mAPT), in the Google Play Store.
Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor running a global espionage campaign.
Spectre & Meltdown are arguably two of the biggest vulnerabilities in computing and certainly mobile history.
Learn about Titan, a family of sophisticated Android surveillanceware apps surfaced by Lookout's automated analysis that is linked to the same actors behind Tropic Trooper.
Lookout researchers are monitoring the evolution of an Android surveillanceware family known as JadeRAT, we believe may be connected to a government sponsored APT group.
Lookout researchers have discovered a new mobile surveillanceware family, FrozenCell. The threat is likely targeting employees of various Palestinian agencies and facilities.
Lookout have identified a mobile trojan called xRAT with extensive data collection functionality and the ability to remotely run a suicide function to avoid detection.
Lookout Security Intelligence researchers discovered the spyware in Google Play and connected it to a known malicious actor potentially operating out of Iraq.
Lookout researchers have identified over a thousand spyware apps related to a threat actor likely based in Iraq. Discover more with Lookout today.
When WannaCry started disrupting business operations, mobile devices enabled some work to continue. However, the majority of business are unprepared for an attack on mobile.
Lookout and Google are releasing research into the Android version of one of the most sophisticated and targeted mobile attacks we’ve seen in the wild: Pegasus.
This is not actually a net new malware family, but rather it’s a variant of the family “Ghost Push,” a threat first discovered in 2014.
Pegasus is a highly sophisticated piece of spyware that uses three previously unknown vulnerabilities called “Trident.” This is the most sophisticated mobile attack seen.
Pokemon Go, is arguably the biggest mobile game in US history, but while fame breeds fans — even employees in the enterprise — it also attracts many opportunistic attackers.
Lookout researchers have been tracking Android and iOS surveillanceware, that can exfiltrate contacts, recordings, photos, & more. Discover what was found.
Shedun is trojanized adware that roots Android devices, masquerading as legitimate apps such as Facebook, Twitter, WhatsApp and Okta’s enterprise single sign-on app.
Lookout has discovered that an exploit in TCP also impacts nearly 80% of Android, or around 1.4 billion devices, based on an install base reported by Statista.
LevelDropper, an app in the Google Play Store that Lookout determined to be malicious, the latest example of a new and persisting trend in mobile threats: autorooting malware.
Lookout recently identified an app called “Black Jack Free” in the Google Play store, which turned out to be a variant of the malware family Acecard.
With the help of the Lookout Security Cloud, we confirmed our suspicions that the author(s) behind the Brain Test malware had slipped additional malicious apps to Google Play.
In addition to rooting a victim’s device, Lookout observed Shedun abusing the Android Accessibility Service for its malicious means.
Recently, news broke about a concerning app called InstaAgent. The app connects to the victim’s Instagram account and steals the user’s login credentials.
How did one of the most widely-used, South Korean government-approved "monitoring software" solutions actually leave children's data wide open? Learn more.