ALL POSTS

Arsink Spyware Posing as WhatsApp, YouTube, Instagram, TikTok Hits 143 Countries Key Findings Arsink is a dangerous Android Trojan that impersonates over 50 popular brands, including WhatsApp, YouTube, Instagram, and TikTok The malware has infected over 45,000 devices across 143 countries, with major clusters in Egypt, Indonesia, and Iraq Arsink grants hackers complete remote control, allowing them to record audio, read text messages, and wipe devices Background A massive new

Key Findings In August 2025, Kaspersky researchers discovered a new Android banking Trojan dubbed "Frogblight" targeting individuals in Turkey. The malware initially disguised itself as an app for accessing court case files via an official government webpage, but later adopted more universal disguises like the Chrome browser. Frogblight can use official government websites as an intermediary step to steal banking credentials and has spyware capabilities to collect SMS message

Key Findings CISA has issued an alert warning of threat actors actively using commercial spyware and remote access trojans (RATs) to target users of mobile messaging apps like Signal and WhatsApp. The attackers employ sophisticated social engineering and targeting techniques to deliver spyware and gain unauthorized access to victims' messaging apps, enabling further device compromise. The targeting appears opportunistic but often focuses on high-value individuals such as gove

Key Findings Researchers discovered a previously unknown Android spyware family dubbed LANDFALL, which leveraged a zero-day vulnerability (CVE-2025-21042) in Samsung's image processing library to compromise Galaxy devices. The campaign, active since mid-2024, appears to have targeted users in the Middle East, with the spyware embedded inside malicious DNG image files sent through WhatsApp. The exploit relies on malformed DNG (Digital Negative) image files, exploiting a flaw i

Key Findings: A new commercial-grade spyware called "Landfall" has been targeting Samsung Galaxy phones in the Middle East since at least mid-2024. Landfall exploited a previously unknown, unpatched vulnerability (zero-day) in Samsung's Android image processing library, tracked as CVE-2025-21042. The spyware was delivered through malicious DNG image files sent via WhatsApp, with no user interaction required (zero-click). Landfall has extensive surveillance capabilities, inclu