Leaks show Intellexa burning zero-days to keep Predator spyware running

Intellexa is a well-known commercial spyware vendor, servicing governments and large corporations. Its main product is the Predator spyware. An investigation by several independent parties describes Intellexa as one of the most notorious mercenary spyware vendors, still operating its Predator Read More …

Hook for Gold: Inside GoldFactory’s Сampaign That Turns Apps Into Goldmines

In February 2024, Group-IB uncovered sophisticated mobile threat campaigns that show how fast banking malware is evolving across the Asia-Pacific region. Ongoing monitoring of this evolving threat revealed a surge of aggressive mobile Trojans targeting both iOS and Android users, Read More …

Google patches 107 Android flaws, including two being actively exploited

  Google has patched 107 vulnerabilities in Android in its December 2025 Android Security Bulletin, including two high-severity flaws that are being actively exploited. The December updates are available for Android 13, 14, 15, and 16. Android vendors are notified Read More …

LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices

Unit 42 researchers have uncovered a previously unknown Android spyware family, which we have named LANDFALL. To deliver the spyware, attackers exploited a zero-day vulnerability (CVE-2025-21042) in Samsung’s Android image processing library. The specific flaw LANDFALL exploited, CVE-2025-21042, is not Read More …

Android malware steals your card details and PIN to make instant ATM withdrawals

The Polish Computer Emergency Response Team (CERT Polska) analyzed a new Android-based malware that uses NFC technology to perform unauthorized ATM cash withdrawals and drain victims’ bank accounts. Researchers found that the malware, called NGate, lets attackers withdraw cash from Read More …

ClayRat Android malware spoofs WhatsApp, TikTok and more

A new Android malware variant is posing as popular apps, stealing sensitive files and propagating further. Experts from Zimperium revealed ClayRat, targeting primarily Russian users by spoofing popular Android apps such as WhatsApp, TikTok, Google Photos, or YouTube, distributed mostly Read More …

Samsung patches zero-day security flaw used to hack into its customers’ phones

Samsung says it has fixed a zero-day security vulnerability that is being used to hack into its customers’ phones. The phone maker said the security flaw, discovered in a software library for displaying images on Samsung devices, allows hackers to Read More …

Android chipmaker Qualcomm fixes three zero-days exploited by hackers

Chipmaker giant Qualcomm released patches on Monday fixing a series of vulnerabilities in dozens of chips, including three zero-days that the company said may be in use as part of hacking campaigns. Qualcomm cited Google’s Threat Analysis Group, or TAG, Read More …

Zanubis in motion: Tracing the active evolution of the Android banking malware

Zanubis is a banking Trojan for Android that emerged in mid-2022. Since its inception, it has targeted banks and financial entities in Peru, before expanding its objectives to virtual cards and crypto wallets. The main infection vector of Zanubis is Read More …

Android fixes 47 vulnerabilities, including one zero-day – update as soon as you can!

Google has patched 47 vulnerabilities in Android, including one actively exploited zero-day vulnerability in its May 2025 Android Security Bulletin. Zero-days are vulnerabilities that are exploited before vendors have a chance to patch them—often before they even know about them. Read More …