
Poisoned at the source.
From Only Malware in the Building by DISCARDED | N2K Networks
January 6, 2026 · 45 min · Season 2 · Episode 19
About this episode
The episode explores supply chain attacks through a significant Android malware campaign and its implications.
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts N2K Networks Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we dive into supply chain attacks through the lens of a massive Android malware campaign that infects devices before they ever reach users, embedding itself in firmware and reseller-installed system images. We connect the dots to other high-impact supply chain incidents—from SolarWinds to the recent F5 breach—and share new intelligence on Android devices compromised during manufacturing and distribution in China. Together, these cases highlight how attacks at the source can…
People in this episode
Host: Selena Larson
Guests: Dave Bittner, Keith Mularski
Topics covered
- supply chain attacks
- Android malware
- cybersecurity
- firmware infections
- cybercrime
- threat intelligence
Keywords
- supply chain
- Android malware
- cybersecurity
- firmware
- malware campaign
- threats
- cyber puzzle
Mentioned in this episode
Organizations: Proofpoint, N2K Networks, Qintel, SolarWinds, F5
Places: China, New York
More episodes of Only Malware in the Building
- Trusting the wrong package. · June 2, 2026 · 47 min
- Mythbehavior under investigation. · May 5, 2026 · 45 min
- Who’s logging in? · April 7, 2026 · 43 min
- AI swarms and cyber alarms. · March 10, 2026 · 52 min
- When legit is the trick: Phishing’s sneaky new moves. · February 3, 2026 · 40 min
- Yippee-ki-yay, cybercriminals! · December 2, 2025 · 40 min
Explore listener stats, chart rankings, contacts and more on the Only Malware in the Building podcast page.