Get to know # Wenjun Hu *** ** * ** *** Blogs by Wenjun Hu Sort By: Recent Recent Popular *** ** * ** *** [![Hidden Devil in the Development Life Cycle: Google Play Apps Infected with Windows Executable Files](https://www.paloaltonetworks.com/blog/wp-content/uploads/2018/04/unit42-blog-600x300.jpg)](https://www.paloaltonetworks.com/blog/2018/07/unit42-hidden-devil-development-life-cycle-google-play-apps-infected-windows-executable-files/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [Hidden Devil in the Development Life Cycle: Google Play Apps Infected with ...](https://www.paloaltonetworks.com/blog/2018/07/unit42-hidden-devil-development-life-cycle-google-play-apps-infected-windows-executable-files/) Unit 42 uncovers 145 malicious Google Play apps. Get the full report. Jul 30, 2018 By [Yue Chen](https://www.paloaltonetworks.com/blog/author/yue-chen/?ts=markdown "Posts by Yue Chen"), [Wenjun Hu](https://www.paloaltonetworks.com/blog/author/wenjun-hu/?ts=markdown "Posts by Wenjun Hu"), [Xiao Zhang](https://www.paloaltonetworks.com/blog/author/xiao/?ts=markdown "Posts by Xiao Zhang") and [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown "Posts by Zhi Xu") *** ** * ** *** [![Android Toast Overlay Attack: “Cloak and Dagger” with No Permissions](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www.paloaltonetworks.com/blog/2017/09/unit42-android-toast-overlay-attack-cloak-and-dagger-with-no-permissions/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [Android Toast Overlay Attack: "Cloak and Dagger" with No Permissions](https://www.paloaltonetworks.com/blog/2017/09/unit42-android-toast-overlay-attack-cloak-and-dagger-with-no-permissions/) Palo Alto Networks Unit 42 researchers have uncovered a high severity vulnerability in the Android overlay system, which allows a new Android overlay attack by using the "Toast type" overlay. Sep 07, 2017 By [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown "Posts by Cong Zheng"), [Wenjun Hu](https://www.paloaltonetworks.com/blog/author/wenjun-hu/?ts=markdown "Posts by Wenjun Hu"), [Xiao Zhang](https://www.paloaltonetworks.com/blog/author/xiao/?ts=markdown "Posts by Xiao Zhang") and [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown "Posts by Zhi Xu") *** ** * ** *** [![SpyDealer: Android Trojan Spying on More Than 40 Apps](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www.paloaltonetworks.com/blog/2017/07/unit42-spydealer-android-trojan-spying-40-apps/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [SpyDealer: Android Trojan Spying on More Than 40 Apps](https://www.paloaltonetworks.com/blog/2017/07/unit42-spydealer-android-trojan-spying-40-apps/) Palo Alto Networks researchers discovered an advanced Android malware we've named "SpyDealer" which exfiltrates private data from more than 40 apps and steals sensitive messages from communication apps by abusing the Android accessibility service feature Jul 06, 2017 By [Wenjun Hu](https://www.paloaltonetworks.com/blog/author/wenjun-hu/?ts=markdown "Posts by Wenjun Hu"), [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown "Posts by Cong Zheng") and [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown "Posts by Zhi Xu") *** ** * ** *** [![A New Trend in Android Adware: Abusing Android Plugin Frameworks](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www.paloaltonetworks.com/blog/2017/03/unit42-new-trend-android-adware-abusing-android-plugin-frameworks/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [A New Trend in Android Adware: Abusing Android Plugin Frameworks](https://www.paloaltonetworks.com/blog/2017/03/unit42-new-trend-android-adware-abusing-android-plugin-frameworks/) Unit 42 researchers uncover aggressive adware abusing third-party DroidPlugin framework on Android. Mar 22, 2017 By [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown "Posts by Cong Zheng"), [Wenjun Hu](https://www.paloaltonetworks.com/blog/author/wenjun-hu/?ts=markdown "Posts by Wenjun Hu") and [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown "Posts by Zhi Xu") *** ** * ** *** [![Google Play Apps Infected with Malicious IFrames](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www.paloaltonetworks.com/blog/2017/03/unit42-google-play-apps-infected-malicious-iframes/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [Google Play Apps Infected with Malicious IFrames](https://www.paloaltonetworks.com/blog/2017/03/unit42-google-play-apps-infected-malicious-iframes/) Unit 42 researchers discover Google Play apps infected with malicious IFrames. Mar 01, 2017 By [Xiao Zhang](https://www.paloaltonetworks.com/blog/author/xiao/?ts=markdown "Posts by Xiao Zhang"), [Wenjun Hu](https://www.paloaltonetworks.com/blog/author/wenjun-hu/?ts=markdown "Posts by Wenjun Hu") and [Shawn Jin](https://www.paloaltonetworks.com/blog/author/shawn-jin/?ts=markdown "Posts by Shawn Jin") *** ** * ** *** Load more *** ** * ** *** Blogs by Wenjun Hu Sort By: Popular Popular Recent *** ** * ** *** [![Hidden Devil in the Development Life Cycle: Google Play Apps Infected with Windows Executable Files](https://www.paloaltonetworks.com/blog/wp-content/uploads/2018/04/unit42-blog-600x300.jpg)](https://www.paloaltonetworks.com/blog/2018/07/unit42-hidden-devil-development-life-cycle-google-play-apps-infected-windows-executable-files/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [Hidden Devil in the Development Life Cycle: Google Play Apps Infected with ...](https://www.paloaltonetworks.com/blog/2018/07/unit42-hidden-devil-development-life-cycle-google-play-apps-infected-windows-executable-files/) Unit 42 uncovers 145 malicious Google Play apps. Get the full report. Jul 30, 2018 By [Yue Chen](https://www.paloaltonetworks.com/blog/author/yue-chen/?ts=markdown "Posts by Yue Chen"), [Wenjun Hu](https://www.paloaltonetworks.com/blog/author/wenjun-hu/?ts=markdown "Posts by Wenjun Hu"), [Xiao Zhang](https://www.paloaltonetworks.com/blog/author/xiao/?ts=markdown "Posts by Xiao Zhang") and [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown "Posts by Zhi Xu") *** ** * ** *** [![Android Toast Overlay Attack: “Cloak and Dagger” with No Permissions](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www.paloaltonetworks.com/blog/2017/09/unit42-android-toast-overlay-attack-cloak-and-dagger-with-no-permissions/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [Android Toast Overlay Attack: "Cloak and Dagger" with No Permissions](https://www.paloaltonetworks.com/blog/2017/09/unit42-android-toast-overlay-attack-cloak-and-dagger-with-no-permissions/) Palo Alto Networks Unit 42 researchers have uncovered a high severity vulnerability in the Android overlay system, which allows a new Android overlay attack by using the "Toast type" overlay. Sep 07, 2017 By [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown "Posts by Cong Zheng"), [Wenjun Hu](https://www.paloaltonetworks.com/blog/author/wenjun-hu/?ts=markdown "Posts by Wenjun Hu"), [Xiao Zhang](https://www.paloaltonetworks.com/blog/author/xiao/?ts=markdown "Posts by Xiao Zhang") and [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown "Posts by Zhi Xu") *** ** * ** *** [![SpyDealer: Android Trojan Spying on More Than 40 Apps](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www.paloaltonetworks.com/blog/2017/07/unit42-spydealer-android-trojan-spying-40-apps/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [SpyDealer: Android Trojan Spying on More Than 40 Apps](https://www.paloaltonetworks.com/blog/2017/07/unit42-spydealer-android-trojan-spying-40-apps/) Palo Alto Networks researchers discovered an advanced Android malware we've named "SpyDealer" which exfiltrates private data from more than 40 apps and steals sensitive messages from communication apps by abusing the Android accessibility service feature Jul 06, 2017 By [Wenjun Hu](https://www.paloaltonetworks.com/blog/author/wenjun-hu/?ts=markdown "Posts by Wenjun Hu"), [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown "Posts by Cong Zheng") and [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown "Posts by Zhi Xu") *** ** * ** *** [![A New Trend in Android Adware: Abusing Android Plugin Frameworks](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www.paloaltonetworks.com/blog/2017/03/unit42-new-trend-android-adware-abusing-android-plugin-frameworks/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [A New Trend in Android Adware: Abusing Android Plugin Frameworks](https://www.paloaltonetworks.com/blog/2017/03/unit42-new-trend-android-adware-abusing-android-plugin-frameworks/) Unit 42 researchers uncover aggressive adware abusing third-party DroidPlugin framework on Android. Mar 22, 2017 By [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown "Posts by Cong Zheng"), [Wenjun Hu](https://www.paloaltonetworks.com/blog/author/wenjun-hu/?ts=markdown "Posts by Wenjun Hu") and [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown "Posts by Zhi Xu") *** ** * ** *** [![Google Play Apps Infected with Malicious IFrames](https://www.paloaltonetworks.com/blog/wp-content/uploads/2016/09/unit42-web-banner-650x300.jpg)](https://www.paloaltonetworks.com/blog/2017/03/unit42-google-play-apps-infected-malicious-iframes/) ## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown) ### [Google Play Apps Infected with Malicious IFrames](https://www.paloaltonetworks.com/blog/2017/03/unit42-google-play-apps-infected-malicious-iframes/) Unit 42 researchers discover Google Play apps infected with malicious IFrames. Mar 01, 2017 By [Xiao Zhang](https://www.paloaltonetworks.com/blog/author/xiao/?ts=markdown "Posts by Xiao Zhang"), [Wenjun Hu](https://www.paloaltonetworks.com/blog/author/wenjun-hu/?ts=markdown "Posts by Wenjun Hu") and [Shawn Jin](https://www.paloaltonetworks.com/blog/author/shawn-jin/?ts=markdown "Posts by Shawn Jin") *** ** * ** *** Load more {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language