# Cong Zheng

Blogs by Cong Zheng

## [Unit 42](https://unit42-dev2.paloaltonetworks.com)

### [Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows](https://origin-researchcenter.paloaltonetworks.com/blog/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/)

Unit 42 researchers discover Xbash, a new malware family tied to the Iron Group targeting Linux and Microsoft Servers.

Sep 17, 2018

By [Claud Xiao](https://www.paloaltonetworks.com/blog/author/claud-xiao/?ts=markdown "Posts by Claud Xiao"), [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown "Posts by Cong Zheng") and [Xingyu Jin](https://www.paloaltonetworks.com/blog/author/xingyu-jin/?ts=markdown "Posts by Xingyu Jin")

### [IoT Malware Evolves to Harvest Bots by Exploiting a Zero-day Home Router Vulnerability](https://origin-researchcenter.paloaltonetworks.com/blog/2018/01/unit42-iot-malware-evolves-harvest-bots-exploiting-zero-day-home-router-vulnerability/)

Unit 42 researchers outline the evolution of Satori, a malware family targeting zero-day vulnerabilities in IoT devices.

Jan 11, 2018

By [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown "Posts by Cong Zheng"), [Claud Xiao](https://www.paloaltonetworks.com/blog/author/claud-xiao/?ts=markdown "Posts by Claud Xiao") and [Yanhui Jia](https://www.paloaltonetworks.com/blog/author/yanhui-jia/?ts=markdown "Posts by Yanhui Jia")

### [Android Toast Overlay Attack: "Cloak and Dagger" with No Permissions](https://origin-researchcenter.paloaltonetworks.com/blog/2017/09/unit42-android-toast-overlay-attack-cloak-and-dagger-with-no-permissions/)

Palo Alto Networks Unit 42 researchers have uncovered a high severity vulnerability in the Android overlay system, which allows a new Android overlay attack by using the "Toast type" overlay.

Sep 07, 2017

By [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown "Posts by Cong Zheng"), [Wenjun Hu](https://www.paloaltonetworks.com/blog/author/wenjun-hu/?ts=markdown "Posts by Wenjun Hu"), [Xiao Zhang](https://www.paloaltonetworks.com/blog/author/xiao/?ts=markdown "Posts by Xiao Zhang") and [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown "Posts by Zhi Xu")

### [SpyDealer: Android Trojan Spying on More Than 40 Apps](https://origin-researchcenter.paloaltonetworks.com/blog/2017/07/unit42-spydealer-android-trojan-spying-40-apps/)

Palo Alto Networks researchers discovered an advanced Android malware we've named "SpyDealer" which exfiltrates private data from more than 40 apps and steals sensitive messages from communication apps by abusing the Android accessibility service feature.

Jul 06, 2017

By [Wenjun Hu](https://www.paloaltonetworks.com/blog/author/wenjun-hu/?ts=markdown "Posts by Wenjun Hu"), [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown "Posts by Cong Zheng") and [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown "Posts by Zhi Xu")

### [New IoT/Linux Malware Targets DVRs, Forms Botnet](https://origin-researchcenter.paloaltonetworks.com/blog/2017/04/unit42-new-iotlinux-malware-targets-dvrs-forms-botnet/)

Unit 42 researchers have identified a new variant of the IoT/Linux botnet "Tsunami", which we are calling "Amnesia".

Apr 06, 2017

By [Claud Xiao](https://www.paloaltonetworks.com/blog/author/claud-xiao/?ts=markdown "Posts by Claud Xiao"), [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown "Posts by Cong Zheng") and [Yanhui Jia](https://www.paloaltonetworks.com/blog/author/yanui-jia/?ts=markdown "Posts by Yanhui Jia")