A Retrospective on WebP CVE Executive Summary Earlier this year, Zimperium analyzed and reported on the patching process of CVE-2023-4863 for Android. Upon the conclusion of our research, we observed a steady and solid patching trend once a patch was made available. In this blog we will underline the differences and the similarities on how iOS developers reacted to the…
ThreatFabric recently reported on a new strain of Android malware called Octo2, which is actively targeting European banks. This variant builds on the capabilities of its predecessor, Octo, employing sophisticated techniques like screen overlays and remote access tools (RATs) to compromise banking credentials and manipulate financial transactions. With this malware, fake login screens overlay legitimate banking app,…
The recently uncovered “River of Phish” campaign, attributed to the Russian threat actor COLDRIVER, targets Western and Russian civil society through sophisticated spear-phishing attacks. This campaign employs highly personalized social engineering tactics to trick targets into opening malicious PDF attachments. These PDFs contain links to phishing sites designed to steal login credentials and bypass two-factor authentication, potentially…
BlankBot is a newly discovered Android banking trojan identified by Intel 471 Malware Intelligence researchers in July 2024. This sophisticated malware targets Android devices, primarily focused on Turkish users but capable of broader geographical attacks. BlankBot aims to produce profit for attackers by exfiltrating banking credentials.The trojan disguises itself as legitimate applications, deceiving users into granting…
July 25, 2024 Krishna Vishnubhotla Share this blog As the world gathers for the 2024 Summer Olympics in Paris, the focus is not only on the athletes’ performances but also on the technology that supports them. Mobile devices have become indispensable for Olympic teams, providing critical data for training, performance tracking, and real-time analysis. However, with…
March 27, 2024 Monique Becenti Share this blog Cybercriminals are employing increasingly sophisticated tactics to target unsuspecting users. One such tactic gaining traction is smishing – an attack that leverages text messages to deceive individuals into providing sensitive information or downloading malicious content. In this latest trend, cybercriminals create fake apps that mimic legitimate banking or financial services. These apps…
March 26, 2024 Monique Becenti Share this blog In today’s digitally-driven workplace, mobile applications (apps) have become indispensable tools for enhancing productivity and providing teams with seamless communication. As employees seek additional functionality and features beyond what official app stores offer, they often turn to third-party app stores. While the idea of third-party app stores may…
Every day the number and range of methodologies and malicious programs hackers use to gain unauthorized access to applications, devices, and personal information increases. Often software code itself provides the entry point for attack. According to the State of DevOps Report by Contrast Security, over 99% of technologists report that applications in production have a minimum of…
Executive Summary One-time passwords (OTPs) are designed to add an extra layer of security to online accounts, and most enterprises have become very dependent upon them for controlling access to sensitive data and applications. However, these passwords are just as valuable to attackers. Mobile malware has become increasingly sophisticated, employing cunning tactics to steal these…
In an era where mobile threats are increasingly sophisticated, the security landscape demands robust solutions capable of defending against the most advanced attacks. One such threat is the Remote Access Trojan (RAT), a type of malware designed to remotely control a mobile device, steal sensitive information, and manipulate device functions. The recent incidents involving the…
[wpforms id=”8196″]