Mobile devices have become indispensable in our modern lives, enabling us to stay connected, access information, and conduct transactions on the go. However, the rise of mobile usage for accessing corporate information is attracting the increased attention of cybercriminals seeking to exploit vulnerabilities and gain unauthorized access to sensitive data.

In recent years, especially with hybrid work, almost everyone uses an iOS or Android device for work. In fact, in a recent survey, Lookout found that 92% of remote workers use their personal laptops or smartphones for work tasks, with 46% of them having saved files onto their devices. Now that employees expect to be productive from anywhere, organizations across all industries have become more relaxed with allowing the use of personal devices with bring-your-own-device (BYOD) programs.

Researchers at the Lookout Threat Lab have discovered a new Android surveillance tool which we attribute with moderate confidence to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). Named BouldSpy for the “BoulderApplication” class which configures the tool’s command and control (C2), we have been tracking the spyware since March 2020.

Remote work is no longer a trend — in 2022, remote workers represented 30% of the overall workforce. Cloud services and mobile devices have made the work environment more flexible, and organizations have implemented bring-your-own-device (BYOD) policies to enable employees who are working from anywhere to get more done.

Stolen employee login credentials are one of the most effective ways for bad actors to infiltrate your organization’s infrastructure. Once they have the login information of one of your accounts in hand, it becomes much easier for them to bypass security measures and gain access to your sensitive data. So how do attackers get those login credentials? The answer in many cases is mobile phishing.