Latest news with #Zimperium


Forbes
29-04-2025
Do Not Open Any Of These PDFs On Your Phone
Do not take this risk. (Image: Getty)

The mobile threat landscape is getting worse, with half of all devices unprotected from new attacks and the current trickle of dangerous AI campaigns about to become a tidal wave. And while we're becoming better conditioned to avoid clicking links, opening office attachments or installing apps, one threat is still slipping the security net. We're talking PDFs, which are seen as a safe file type to open on your phone, but they are not. They are now being crafted with embedded risks, including masked links and links hidden behind QR codes, and they are easy to cloak with a mimicked brand.

The latest warning comes from Zimperium, which has seen a surge in PDF attacks. While this is true of both email and SMS attachments, the latter is far worse. SMS threats in general 'now comprise over two-thirds of observed attack attempts, signifying a critical pivot in threat actor methodology.'

And so a PDF attached to an SMS is a double whammy. In the past year, Zimperium says it has observed 'attackers increasingly leveraging PDF attachments delivered via SMS messages because these files can effectively obfuscate malicious content and evade traditional security scans. This tactic exploits the fact that users have become accustomed to and generally trust PDF documents in their daily interactions, and many defense mechanisms may not thoroughly inspect them for embedded threats.'

(Image: Mobile Threat Report 2025, Zimperium)

The team has seen these attacks 'frequently leverage well-known brands… to manipulate user trust, compelling victims to click through and initiate the attack.' That means no PDF, regardless of the lure and purported sender ID, is guaranteed safe. This is especially true given how easy it is with short codes to mimic a brand in a text.

PDFs win on two counts. The embedded threats bypass security scans by omitting /URL tags on links, and then the benign nature of a PDF combined with trust in the faked brand solicits clicks. 'This evolution signifies a sophisticated attempt to bypass established security measures and capitalize on user familiarity and trust.'

We have seen multiple PDF alerts over the last year. The team warns that 'because PDFs are now so ubiquitous… used extensively for contracts, reports, manuals, invoices, and other critical business communications, users have developed a natural, but dangerous, assumption that all PDFs are safe. And now, cybercriminals are actively exploiting that false confidence.'

Dangerous PDFs are not new. There have been multiple warnings in recent years. But the obfuscation tactics are evolving, and the rise in smishing kits and maliciously crafted domains for embedded links has reached a new level. Don't take any chances. PDFs should be seen as every bit as dangerous as links and office docs.


Forbes
28-04-2025
Do Not Let Your Phone Get On This Dangerous List
Do not get on the list.

Android has a serious problem. Half its users are running an OS version that's on the unsupported list, and Google has also decided that apps may stop working properly on those phones next month. You need to check what OS version you're running. In its new Global Mobile Threat Report, Zimperium warns 'at any given point in the year, over 50% of mobile devices are running outdated OS versions, and a significant number are compromised or infected.' Make sure your phone is not on this list.

Google recently stopped providing security updates for the 200 million Android 12 users, adding it to the other unsupported OS versions still in use, which together account for more than half of all Android phones. This isn't just an Android problem, though, and Zimperium warns iPhone users are just as likely to be on that naughty list.

Google's latest change to its Play Integrity API means apps can run differently on Android 12 or older — in other words more slowly and with more restrictions. All told, it's set to become an even more painful experience than now. But the security concerns are more critical. And this is especially true for enterprises allowing their users to access company systems and networks from their own devices. Zimperium says 'this creates untrusted environments where even apps that employ security measures are susceptible to manipulation. Without device attestation, apps can't distinguish between safe and hostile execution environments, exposing sensitive data and operations.' Which is why Google wants apps restricted.

There are almost 2 million apps on Apple's App Store and as many as 2.87 million on Google's Play Store, albeit its cull of low-quality apps continues. 'Most apps,' Zimperium says, 'rely on basic tools or have no protection, including in high-risk sectors like finance. Organizations are either underestimating the sophistication of mobile threats or relying too heavily on platform-level security.'

Most users have countless apps on their phones, many of which were installed casually and are no longer used, but all of which are a potential security risk. Typical users have 80 to 100 apps installed, Zimperium reports, with only a few work-related. 'Meanwhile, 66% of American employees use their personal smartphones for work, and 70% of organizations support BYOD.' Again, this is why Google has acted. More apps, more phones, outdated firmware, delayed (if any) updates. You can see why Zimperium describes 'a fragmented, under-secured mobile landscape where apps and devices become potential vectors for data loss, fraud, and enterprise breaches.'

The greatest threats to iPhone users come by way of mobile-targeted phishing, designed to trick users given the restrictions of small-screen devices, and network interception attacks. For Android, unsurprisingly, the major risk is sideloading. Staying safe is easy, and that's the good news; here's your five-point plan:


Indian Express
25-04-2025
Over 25 mn devices at risk: What is FatBoyPanel, the new malware targeting Indian users?
A dairy businessman, 44, from Dharashiv, received a WhatsApp call from someone posing as a bank official. The caller warned him that his account would be suspended unless it was updated immediately. When the victim panicked and asked how this issue could be resolved, the 'official' offered a simple solution – downloading a 'banking application,' the link to which would be shared on WhatsApp. The link reached him, and the victim downloaded the Android Package Kit (APK) file and installed it. What followed was 26 rapid transactions that drained his entire bank account. A sophisticated, malicious piece of software, called malware, was the reason.

This isn't an isolated case. In recent years, scammers have increasingly targeted users through APK files laced with malicious software that hijacks devices. This week, we take a closer look at one such malware: FatBoyPanel.

What is malware?

Malware, short for 'malicious software', refers to intrusive programs designed by cybercriminals to steal data or damage systems. Common types include viruses, worms, Trojans, spyware, adware, and ransomware. Recently, in a blog post on its website, Zimperium, a tech company that provides AI-driven mobile security protecting devices and apps from phishing, malware, and zero-day threats, said that its research team had identified malware that steals from Indian bank accounts: FatBoyPanel.

What is FatBoyPanel?

Nico Chiaraviglio, chief scientist at Zimperium, said that FatBoyPanel is a mobile-first banking trojan that has been discovered across nearly 900 different applications, primarily targeting Indian users. The attack begins with social engineering: scammers pose as officials or trusted entities and approach users via WhatsApp. They then send a malicious APK, encouraging the user to install it. Once installed, the app gains access to sensitive data and steals one-time passwords (OTPs) to execute unauthorised transactions.

'FatBoyPanel is mobile-first, optimised for Indian banking apps, and even supports real-time session hijacking. That makes it especially dangerous in the hands of low-skilled attackers,' said Akshat Khetan, a cyber-legal expert and founder of AU Corporate Advisory and Legal Services (AUCL).

What distinguishes this malware?

'It uses a centralised command structure that controls multiple variants across campaigns, abuses live phone numbers for OTP redirection, and has exfiltrated data from over 25 million devices. This makes it far more organised and dangerous than traditional banking trojans. It is also a new banker trojan that shows the constant evolution of threat actors,' Chiaraviglio said.

The malware requests permission to read SMS messages, enabling it to capture OTPs and bypass two-factor authentication in real time. 'It hides its icon after installation and disables Google Play Protect, allowing it to stay hidden and maintain access,' Chiaraviglio said. 'Once permissions are granted, it embeds itself into the system and communicates with its control panel,' Khetan said.

Breach fueled by social engineering

'The attackers pose as government agencies or trusted services, sending fake APKs via WhatsApp. This social engineering drives up installation rates,' Chiaraviglio said. He also shared some numbers: over 1,50,000 stolen messages were found on the attacker panel, with more than 25 million compromised device records, highlighting the massive scale of this breach. 'The breach exposes how easily users can be manipulated into side-loading apps and how SMS-based OTPs remain a weak link, especially in regions relying on them for banking authentication,' he said.

Pavan Karthick M, threat researcher III at CloudSEK, said, 'This campaign, active since late 2023, uses consistent infrastructure across all samples – FatBoyPanel. It's part of a growing trend where everyday platforms host Command and Control (C2) servers, giving cybercriminals both scalability and operational cover.'

Khetan elaborated on how the malware acts: 'Once deployed, the malware can intercept SMS-based OTPs, log credentials and perform keylogging. It may also use Accessibility Services to perform actions on behalf of the user, such as initiating fund transfers within banking apps. In some cases, attackers use remote access tools (RATs) embedded in the payload to execute transactions manually from the victim's device, bypassing traditional fraud detection mechanisms.'

How to protect yourself

– Avoid sideloading APKs: Only use official app stores.
– Enable Google Play Protect: Keep it on to scan for harmful apps.
– Use mobile security software: Opt for real-time threat detection.
– Verify app sources: Never trust unknown or unofficial links.
– Check app permissions: Avoid granting SMS, call, or gallery access to unverified apps.

Some malware can even delete itself to avoid detection, making user vigilance critical. 'To better protect users, banks must move away from SMS-based OTPs and embrace stronger multi-factor authentication. In-app protections and local-language awareness campaigns are also key,' Chiaraviglio said.

The Safe Side

As the world evolves, the digital landscape does too, bringing new opportunities—and new risks. Scammers are becoming more sophisticated, exploiting vulnerabilities to their advantage. In our special feature series, we delve into the latest cybercrime trends and provide practical tips to help you stay informed, secure, and vigilant online.


Forbes
16-04-2025
Delete All Texts On Your Phone If You See These 2 Words
These attacks are coming for you now.

iPhone and Android users across the U.S. and elsewhere are now under attack from organized networks of Chinese criminals. These attacks come at you by text, and while they may seem trivial — a few dollars for an undelivered package or unpaid toll — they will steal your credit card details, your passwords and even your identity. New research into one such gang, Smishing Triad, warns that there has been a 'massive fraud campaign expansion' since the beginning of 2025, using more than 60,000 different web domains, 'making it difficult for platforms like Apple and Android to block fraudulent activity effectively.' This is why you will have seen so many news articles on the spate of toll fraud sweeping across America.

Zimperium's Kern Smith told me that 'the latest wave of mobile SMS scams is a stark reminder that mobile devices and apps are uniquely vulnerable — and often under-protected — against attackers,' while the new reports 'show the continued investment by cybercriminals in targeting mobile users.'

Each dangerous text includes a lure, the unpaid toll for example, and a link. The text will pretend to come from a brand or government agency, and the link will be crafted to match the lure, likely a long URL with the right keywords contained within.

(Chart: Top-20 phishing terms within links)

Even if the text itself seems plausible, the link is a telltale red flag. It will usually use a top-level domain (TLD) from outside the U.S., and it will not match the core domain you would associate with the brand or agency. To get around that problem, attackers are using dashes to trick users into thinking this is a legitimate link using that core domain. And the most dangerous dash follows a '.com'. That makes you think it links the normal .com domain to a subdomain, but that's not the case. It's a ruse to hide a full legitimate domain within a malicious link. This trick is flying.

The latest quarterly report from Spamhaus lists the top-20 phishing terms included in malicious links, warning that 'com-track' is a new entry that has gone straight to number one on its list. This would allow an attacker to copy a delivery or e-commerce brand followed by its usual .com, but with '-track' appended after the legitimate URL. If you ever see 'com-track' in a link, delete the text immediately, per the FBI's advice. It's a scam. Similarly, 'com-toll' is another new entry on the list, and you can expect more of the same to be added quickly as these take hold.

The other telltale warning sign is a Chinese TLD, albeit you won't realize it's Chinese from the TLD itself. Look out for '.top' in particular, as that's the TLD favored by cybercriminals and again is cause on its own for you to delete a text. Don't take any risks. Don't click links in texts. These scams have been industrialized and are fast becoming the most likely way you'll be defrauded.
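The dash trick and the TLD warning described above can be turned into a simple triage check. The script below is an added example written for this page; it is not code from Forbes, Zimperium or Spamhaus. It takes the two terms the article names ('com-track', 'com-toll') and the '.top' TLD as its watch lists, splits each hostname into labels to show that a label containing 'com-' means '.com' is not the real end of the domain, and compares the registrable domain against the domains a brand is known to use. The sample SMS texts, the `usps.com` expected-domain set and the two-label registrable-domain rule are assumptions constructed for the example.

```python
import re
from urllib.parse import urlparse

# Terms the article reports Spamhaus placed at the top of its phishing-link list.
SUSPICIOUS_TERMS = ("com-track", "com-toll")
# TLD the article singles out. Assumption: a real deployment would load this
# list from a threat-intelligence feed rather than hard-code it.
SUSPICIOUS_TLDS = ("top",)

# Constructed sample texts for this example, not real messages.
SAMPLE_TEXTS = [
    "USPS: your package is on hold. Confirm your address at https://usps.com-track.top/parcel",
    "Final notice: unpaid toll balance. Pay now at ezdrive.com-toll.vip/pay",
    "Your USPS package is out for delivery. Track it: https://tools.usps.com/go",
]

# Matches bare or scheme-prefixed hostnames with an optional path.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)


def registrable_domain(host):
    """Return the last two labels of a hostname.

    Simplification for this example: a production check should consult the
    public suffix list so that names like 'example.co.uk' are handled correctly.
    """
    labels = host.split(".")
    return ".".join(labels[-2:])


def analyse_link(url, expected_domains=frozenset()):
    """Return (verdict, reasons) for one link.

    expected_domains is the set of registrable domains the brand named in the
    message legitimately uses (supplied by the caller; assumption in this example).
    """
    reasons = []
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    if not host:
        return "unparseable", ["no hostname found"]
    labels = host.split(".")
    tld = labels[-1]
    reg = registrable_domain(host)

    # The dash ruse: a label such as 'com-track' makes '.com' look like the end
    # of the brand's domain, but the registrable domain is what follows it.
    for label in labels:
        if "com-" in label:
            reasons.append(
                f"label '{label}' embeds 'com-': '.com' is inside a hostname label, "
                f"the registrable domain is actually '{reg}'"
            )
    for term in SUSPICIOUS_TERMS:
        if term in host:
            reasons.append(f"hostname contains listed phishing term '{term}'")
    if tld in SUSPICIOUS_TLDS:
        reasons.append(f"TLD '.{tld}' is on the suspicious list")
    if expected_domains and reg not in expected_domains:
        reasons.append(f"registrable domain '{reg}' is not one the brand uses")

    return ("suspicious" if reasons else "no red flags"), reasons


def triage(texts, expected_domains=frozenset()):
    """Extract every link from each text and analyse it.

    Returns a list of (url, verdict, reasons) tuples, one per link found.
    """
    results = []
    for text in texts:
        for match in URL_RE.finditer(text):
            url = match.group(0)
            verdict, reasons = analyse_link(url, expected_domains)
            results.append((url, verdict, reasons))
    return results


if __name__ == "__main__":
    # No expected-domain set here: in practice it would be derived from the
    # brand named in each lure, which this example does not attempt.
    for url, verdict, reasons in triage(SAMPLE_TEXTS):
        print(f"{url}: {verdict}")
        for reason in reasons:
            print(f"  - {reason}")
```

The label check is deliberately broader than the two named terms: any hostname label containing 'com-' is flagged, because the ruse works regardless of which word follows the dash. The expected-domain comparison is the strongest signal and the one least dependent on watch lists, which is why it is worth maintaining per brand even though this example only illustrates it for one.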


Forbes
24-03-2025
New Android, iPhone Warning—Do Not Make This 1 Change Hackers Love
Don't root or jailbreak your smartphone, security researchers have warned.

Let's face it: cybercriminals, scammers and hackers hardly need any help when it comes to attacking your smartphone. The facts speak for themselves, with hundreds of dangerous apps finding their way into the Google Play Store, smartphone users deploying the same password across multiple accounts, and deepfake attacks rampant. Now, smartphone threat intelligence experts have warned that users of both Android and iOS devices are doing one thing, without any need for malicious coercion, that makes their smartphones 250 times more likely to be compromised by hackers. Here's what you need to know and what you shouldn't do.

I have a total of three smartphones in everyday use here: two iPhones and an Android. All are what are known as plain vanilla devices, running stock versions of the Android and iOS operating systems. This might come as a surprise to those who know me and my love for hacking things. You might think I would have rooted the Android and jailbroken at least one of the iPhones. Truth be told, I have. What I haven't done is take that action on the smartphones that are used every day in my personal and business life. I only root devices that don't carry personal and valuable data. And there's a very good security reason for that, as a new report from Zimperium has just confirmed.

'As cybercriminals have moved to a mobile-first attack strategy, rooting and jailbreaking of mobile devices, originally popular for customization, continues to be a very powerful attack vector,' Ignacio Montamat, a threat analyst for the zLabs team at Zimperium, said. Rooting and jailbreaking involve gaining the deepest access to the operating system, in essence allowing the user to make changes to system files and install pretty much anything they like.

To underscore just how dangerous the decision to root your Android or jailbreak your iPhone can be, Zimperium highlighted recent data from its own zLabs analysis showing that rooting devices leads to 3.5 times as many malware attacks, while system compromise by hackers rose by an incredible 250 times.

'Unfortunately, when a device is jailbroken or rooted, the security that is put in place by default is bypassed,' Erich Kron, a security awareness advocate at KnowBe4, warned, 'and the user of the device is now running everything at an admin permission level.' If you really need to be told how this helps the hackers, Kron explained that as built-in operating system security controls often restrict unknown apps from running, 'you can't simply restore the device to a secure state after installing the application.' This means, dear reader, that the security bypass remains in place in most situations and makes it easier for hackers to attack. 'People who are interested in rooting or jailbreaking devices need to be very aware of the additional risk it puts them at,' Kron concluded, 'especially if this is a device being used on a daily basis.'