Zimperium has highlighted the growing threat of mobile bots operating inside trusted apps, with these bots representing a new form of automation that bypasses traditional defences. The bots in question are able of getting past trusty defences such as CAPTCHAs, rate limits and MFA, making them nearly impossible to distinguish from legitimate users and enabling
Zimperium has released new research from its zLabs team revealing alarming weaknesses in mobile Virtual Private Network (VPN) applications. While VPNs are marketed as essential privacy tools, Zimperium’s analysis of 800 free Android and iOS apps shows that many actually put users, and the enterprises they work for at greater risk. Among the findings: “These
Zimperium’s zLabs research team has identified a new variant of the notorious Hook Android banking trojan, now equipped with some of the most advanced capabilities seen in mobile malware to date. Dubbed Hook v3, this variant expands its arsenal to 107 remote commands, including 38 newly added, enabling attackers to steal data, hijack sessions, and bypass
Zimperium has announced its zLabs threat research team has uncovered a highly coordinated and emotionally manipulative malware campaign that is targeting mobile users through fake dating and social networking apps. The campaign, identified as SarangTrap, has already leveraged over 250 malicious Android apps and more than 80 phishing domains, all designed to steal sensitive data
Zimperium has announced it’s enhancing detection and response capabilities of security teams by integrating with the CrowdStrike Falcon cybersecurity platform. Zimperium believes that this new integration, now available on the CrowdStrike Marketplace, enables seamless sharing of mobile threat intelligence from Zimperium’s Mobile Threat Defense platform to CrowdStrike FalconNext-Gen SIEM. According to Zimperium’s 2024 Global Mobile Threat Report, 82% of phishing
Zimperium has released new research highlighting the evolving landscape of mobile phishing attacks. The data-driven analysis of mobile phishing vectors in 2024 underscores an urgent need for organisations to adopt mobile-specific security strategies to combat these increasingly sophisticated threats, as evidence shows that attackers have moved to a ‘mobile first’ strategy to penetrate corporate networks and
Zimperium has uncovered an advanced mishing (mobile-targeted phishing) campaign impersonating the United States Postal Service (USPS), exclusively targeting mobile devices. Spearheaded by Zimperium’s zLabs threat research team, the investigation reveals an unprecedented method of obfuscation used to deliver malicious PDF files designed to steal credentials and compromise sensitive data. The campaign exploits the trust that
Zimperium’s Nico Chiaraviglio, Chief Scientist and Krishna Vishnubhotla, VP Product Strategy & Threat Intelligence, believe data privacy emphasis – among other key topics – will be the order of the day in 2025 “Each year around this time, security leaders cast their predictions on how the industry will change in the new year. What new
Tim Roddy, VP Product Marketing, Mobile Threat Defense, Zimperium, explains how mishing is becoming a growing concern in the modern age “Most would agree that the evolution of mobile devices over the last 10 years has been remarkable, including a significant impact to communication and productivity in the workplace. “The combination of 5G technology, cloud-based business
Nicolás Chiaraviglio, Chief Scientist, Zimperium, explains how the company recently offered Water Makara Zero-Day protection against a spear-phishing campaign. “The Water Makara spear-phishing campaign, recently reported by Trend Micro, leverages social engineering tactics and obfuscated JavaScript files to target victims. “The attack entices victims into clicking malicious links or downloading harmful attachments, ultimately leading to credential