Summary is AI-generated, newsdesk-reviewed
  • Zimperium reveals holiday mobile threats surge in e-commerce, impacting consumers and enterprises.
  • Mishing leads mobile attacks; attackers impersonate brands using urgent messages for data theft.
  • Expanding malware targets payment apps, exploiting vulnerabilities like misconfigured SDKs, risking data security.

Zimperium has disclosed findings from its zLabs team indicating a significant increase in mobile threats during the holiday shopping season.

These insights are detailed in the Mobile Shopping Report: From Carts to Credentials, which explains how cybercriminals exploit the rise in e-commerce and mobile app activity during this period to target consumers and businesses alike.

Analysis by zLabs shows that mishing, or mobile phishing, remains the most prevalent and effective form of mobile attack. During the 2024 holiday shopping season, smishing messages and fraudulent delivery alerts imitating well-known retail and logistics companies increased by up to four times.

These messages often use urgent language such as "Your package is delayed, click here" to deceive users into disclosing personal credentials or downloading harmful apps.

Rising Malware Threats

The report reveals that malware is expanding its reach beyond banking apps to shopping and payment applications. These attacks exploit features like overlays and accessibility permissions to steal credit card information, intercept one-time passwords (OTPs), and compromise digital wallets.

Furthermore, legitimate retail apps pose risks due to misconfigured software development kits (SDKs), hardcoded private keys, and insecure third-party libraries, which hackers can leverage for data breaches or remote code execution.

Kern Smith, Senior Vice President of Global Solutions Engineering at Zimperium, noted, "These findings confirm what we’ve been tracking throughout the year: attackers are taking full advantage of the mobile commerce boom. What begins as a fake shipping alert or counterfeit shopping app can quickly evolve into a corporate breach when employees shop or click from work-connected devices."

Increased Risks to Consumers and Enterprises

The zLabs team highlights the merging of consumer and enterprise risk during the holiday season. Employees using personal or company-issued devices for shopping, package tracking, or payment management introduce new vulnerabilities to credential theft and brand impersonation scams.

Ignacio Monta, Senior Vice President of Strategy & Threat Intelligence at Zimperium, stated, "As mobile and enterprise ecosystems converge, security teams must treat the holiday season as a critical risk window, not just for consumers, but for the business itself."
