Get to know

# Zhi Xu

Blogs by Zhi Xu

***

## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Hidden Devil in the Development Life Cycle: Google Play Apps Infected with ...](https://www2.paloaltonetworks.com/blog/2018/07/unit42-hidden-devil-development-life-cycle-google-play-apps-infected-windows-executable-files/)

Unit 42 uncovers 145 malicious Google Play apps. Get the full report.

Jul 30, 2018 By [Yue Chen](https://www.paloaltonetworks.com/blog/author/yue-chen/?ts=markdown), [Wenjun Hu](https://www.paloaltonetworks.com/blog/author/wenjun-hu/?ts=markdown), [Xiao Zhang](https://www.paloaltonetworks.com/blog/author/xiao/?ts=markdown) and [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown)

***

## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [Android Toast Overlay Attack: "Cloak and Dagger" with No Permissions](https://www2.paloaltonetworks.com/blog/2017/09/unit42-android-toast-overlay-attack-cloak-and-dagger-with-no-permissions/)

Palo Alto Networks Unit 42 researchers have uncovered a high severity vulnerability in the Android overlay system, which allows a new Android overlay attack by using the "Toast type" overlay.

Sep 07, 2017 By [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown), [Wenjun Hu](https://www.paloaltonetworks.com/blog/author/wenjun-hu/?ts=markdown), [Xiao Zhang](https://www.paloaltonetworks.com/blog/author/xiao/?ts=markdown) and [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown)

***

## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [SpyDealer: Android Trojan Spying on More Than 40 Apps](https://www2.paloaltonetworks.com/blog/2017/07/unit42-spydealer-android-trojan-spying-40-apps/)

Palo Alto Networks researchers discovered an advanced Android malware we've named "SpyDealer" which exfiltrates private data from more than 40 apps and steals sensitive messages from communication apps by abusing the Android accessibility service feature.

Jul 06, 2017 By [Wenjun Hu](https://www.paloaltonetworks.com/blog/author/wenjun-hu/?ts=markdown), [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown) and [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown)

***

## [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [A New Trend in Android Adware: Abusing Android Plugin Frameworks](https://www2.paloaltonetworks.com/blog/2017/03/unit42-new-trend-android-adware-abusing-android-plugin-frameworks/)

Unit 42 researchers uncover aggressive adware abusing third-party DroidPlugin framework on Android.

Mar 22, 2017 By [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown), [Wenjun Hu](https://www.paloaltonetworks.com/blog/author/wenjun-hu/?ts=markdown) and [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown)

***

## [Financial Services](https://www.paloaltonetworks.com/blog/category/financial-services/?ts=markdown), [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

### [New Android Trojan "Xbot" Phishes Credit Cards and Bank Accounts, Encrypts ...](https://www2.paloaltonetworks.com/blog/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/)

We recently discovered 22 Android apps that belong to a new Trojan family we're calling "Xbot". This Trojan, which is still under development and regularly updated, is already capable of multiple malicious ...

Feb 18, 2016 By [Cong Zheng](https://www.paloaltonetworks.com/blog/author/cong-zheng/?ts=markdown), [Claud Xiao](https://www.paloaltonetworks.com/blog/author/claud-xiao/?ts=markdown) and [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown)

***

## [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Mobility](https://www.paloaltonetworks.com/blog/category/mobility/?ts=markdown), [Threat Advisory/Analysis](https://www.paloaltonetworks.com/blog/category/threat-advisory-analysis/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

### [Dplug Android malware discovered by WildFire](https://www2.paloaltonetworks.com/blog/2013/09/dplug-android-malware-discovered-by-wildfire/)

In July 2013, WildFire detected a new kind of Android Package File (APK) malware named Dplug. This malware poses as a system tool app for memory cleaning. Dplug uses SMS to hijack ...

Sep 05, 2013 By [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown)

***

## [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown)

### [Parasites Android Malware Discovered by WildFire](https://www2.paloaltonetworks.com/blog/2013/08/parasites-android-malware-discovered-by-wildfire/)

On July 16, 2013, Palo Alto Networks WildFire detected a new kind of Android malware that we have named Parasites. We will use this post to provide some technical details around this ...

Aug 27, 2013 By [Zhi Xu](https://www.paloaltonetworks.com/blog/author/zhi-xu/?ts=markdown)