Appdome Breaks the Surge in Android & iOS Trojans Globally

India – Feb. 6, 2025 – Appdome, the leader in protecting mobile businesses, today announced a platform upgrade that includes 24 new dynamic defense plugins targeting hundreds of Banking Trojans, Trojan Spyware, and Remote Access Trojan malware across Android and iOS apps. The new plugins for Appdome’s patented AI-Native XTM Platform are designed to use in-app behavioral analysis to combat the prolific rise in trojan malware targeting mobile banking, fintech, trading, mCommerce, and other Android and iOS apps. Like all Appdome defenses, each of the 24 new dynamic defense plugins targeting trojan attacks is available by choice using the Appdome platform without the need to integrate code, perform manual coding, implement SDKs, or deploy servers.

“The surge of trojan malware and fraud is top of mind in the mobile economy,” said Tom Tovar, co-creator and CEO of Appdome. “We study more than 5 billion data points every week to understand how polymorphic trojan malware behaves and design defenses that are purpose-built for the job of defeating each type of trojan threat.”

The rise of Mobile Banking Trojans, Trojan Spyware, and Remote Access Trojans (RATs) has become a significant threat to the mobile economy. Attackers are developing increasingly sophisticated trojan malware to exploit users of Android and iOS applications. These attacks are no longer limited by geographic boundaries. In addition, AI-powered attack generation and mutations have arrived in full force. Banking Trojans like Xenomorph and SharkBot target mobile banking apps, overlaying fake login screens to steal credentials and bypass multi-factor authentication. Meanwhile, Trojan spyware such as Pegasus has demonstrated how nation-state-grade surveillance tools can infiltrate mobile devices, exfiltrate sensitive data and track users. RATs, like BRATA, take the threat further by granting attackers full control over infected devices, allowing them to siphon funds, intercept communications, and even perform factory resets of devices to erase attack residue. As AI-driven automation, on-device fraud (ODF) tactics, and sophisticated evasion techniques proliferate, mobile commerce, fintech, and mobile banking platforms are at increasing risk of exploitation and compromise.

“Banking Trojans, Trojan Spyware, and Remote Access Trojans present multiple threats to a mobile business and user,” said Richard Stiennon, Chief Research Analyst at IT-Harvest. “Appdome’s model of using defense plugins gives mobile brands and businesses the power to choose which threat to detect and how to defend against that threat.”

The Appdome platform generates dynamic defense plugins to protect mobile applications based on business needs. Once added to a mobile application, these plugins analyze mobile application behavior, user interactions, and network and system operations at runtime, enabling proactive detection and prevention of attacks. Where SDKs deliver static defense checks or route traffic to attestation servers, Appdome’s dynamic defense plugins do the work inside Android & iOS applications to provide an inherently self-adaptive, self-intelligent detection scheme capable of detecting even the most sophisticated and polymorphic Trojan malware. These dynamic defense plugins can also inform, instruct and take instruction from the mobile application or mobile backend, providing seamless defense to any class of attack.

The 24+ new Appdome mobile defense plugins that target specific trojan malware and spyware in the expanded Appdome Account Takeover (ATO) offering include:

For Mobile Banking Trojans:

  • Accessibility Malware: Blocks unauthorized exploitation of Android accessibility services, such as preventing malicious overlays, input manipulation, and automated attacks.
  • ATS Malware: Prevents unauthorized automation of banking transactions and detects real-time attempts to manipulate app sessions.
  • BrasDex Trojan: Provides proactive protection against BrasDex trojan by thwarting its keylogging and credential theft mechanisms using advanced behavioral analysis.
  • Xenomorph Trojan: Safeguards against Xenomorph trojan attacks by identifying and blocking unauthorized overlays and phishing attempts targeting user credentials.
  • PixBankBot Trojan: Defends against PixBankBot by preventing the trojan’s ability to intercept and manipulate banking transactions on infected devices.
  • PixPirate Trojan: Protects mobile users from PixPirate by disrupting its session hijacking and credential exfiltration tactics through real-time anomaly detection.
  • SpyNote Trojan: Stops SpyNote trojan by blocking its remote access capabilities and preventing unauthorized data exfiltration from compromised devices.
  • Joker Trojan: Combats Joker trojan by identifying its SMS interception and subscription fraud attempts, ensuring mobile user security and app integrity.
  • Octo Trojan: Defends against Octo trojan by disrupting its on-device fraud execution and preventing data leakage with embedded AI-driven defenses.
  • Blank Bot: Secures apps from Blank Bot by detecting its automated attacks aimed at stealing user credentials and disrupting its login attempt manipulation.
  • Godfather: Provides a robust defense against Godfather trojan by monitoring app behavior and blocking its attempts to access and exploit sensitive banking information.
  • Toxic Panda: Protects against the theft of login credentials and credit card details carried out by manipulating Android accessibility with Android app overlay attacks and SMS interception.
  • Cloak & Dagger: Detects unauthorized use of Android accessibility features and prevents invisible overlays or touch events that aim to steal sensitive information.
  • Gold Pickaxe: Prevents unauthorized MDM installations that are used to gain remote control over devices, phishing overlays, credential theft mechanisms, and unauthorized access to sensitive user data on iOS devices.

For Mobile Spyware Trojans:

  • Pegasus Spyware: Mitigates Pegasus spyware threats by blocking zero-click exploitation and halting its covert surveillance and data exfiltration processes.
  • Cerberus: Shields against Cerberus banking trojan by detecting overlay attacks and disrupting its credential-stealing operations in real time.
  • AgentTesla: Prevents AgentTesla attacks by intercepting its keylogging and data-stealing activities through dynamic runtime analysis and payload blocking.
  • DarkComet: Protects against DarkComet by detecting its remote access commands and preventing malicious file manipulation or user surveillance.

For Remote Access Trojans (RATs):

  • SpyNote RAT: Protects against SpyNote RAT by detecting and blocking its remote administration and data exfiltration mechanisms through runtime behavioral analysis.
  • AndroRAT: Neutralizes AndroRAT attacks by preventing its remote access capabilities, such as file manipulation and keystroke logging, through advanced payload detection.

For Task Hijacking:

  • Prevent Task Hijacking: Blocks unauthorized screen overlays on Android apps and secures the app’s task management system.
  • Detect Strandhogg 2.0: Detects and blocks malicious app masquerading attacks that exploit vulnerabilities in the Android multitasking system, and prevents unauthorized privilege escalation and the hijacking of legitimate app sessions.

For Logging Attacks:

  • Prevent Android Logging Attacks: Disables Android log function calls to prevent data leakage and attacks via logging infrastructure, such as log4j.
  • Prevent iOS Logging Attacks: Prevents log function calls in an iOS device, preventing sensitive data from leaking to malicious actors.

Each specific attack vector represents a trojan malware class, so brands and businesses can expect each Appdome defense to detect and block the source or original trojan attack as well as its variants. The Appdome platform uses real-time behavioral analysis to detect the behaviors and methods that the multitude of banking trojans, trojan spyware and RATs use to exploit mobile users. As a learning system, Appdome is constantly evolving to ensure continuous defense against trojan malware and threats.

“With this update, we’re providing granular detection and response control against a massive variety of Android & iOS trojan malware,” said Chris Roeckl, Chief Product Officer at Appdome. “Where siloed point products can only touch these threats tangentially, our big data footprint and AI-native delivery model means that we’re uniquely positioned to detect each specific threat and help mobile businesses stay ahead of the curve in known and zero-day threats.”

Like all Appdome mobile app defenses, the new Trojan defense features combine the power of choice-driven defense in depth, and no-code, no SDK delivery with innovative on-device detection, defense, and intelligence options to satisfy any implementation objective. All Android & iOS Trojan Plugins are available with Appdome’s Threat-Events™ Intelligence and Control Framework and ThreatScope™ Threat Analytics service. Threat-Events allows mobile brands to gather data on each attack, control the user experience and create beautiful on-brand mobile experiences when attacks happen. Mobile brands can use Threat-Events to create unique workflows and user messages leveraging the power of their brand voice when threats are present. Mobile businesses can track and monitor banking trojan, trojan spyware and Remote Access Trojan attacks via Appdome’s ThreatScope™, either before or after the deployment of the anti-trojan features.

Appdome Launches AI-Native Threat Dynamics™ Platform

India, 24 January 2025 – Appdome, the leader in protecting mobile businesses, today announced that a new AI-Native threat-management module called Threat Dynamics™ will be offered inside Appdome’s ThreatScope™ Mobile XDR. Threat Dynamics uses AI deep learning to continuously evaluate the likelihood of a successful exploit from 400+ attack vectors and calculate a Mobile Risk Index™ for each business and mobile application. This allows businesses to see how threats move across the production environment, empowering them to quickly prioritize and focus on the attack vectors with the highest potential impact and preempt these threats before they escalate. This also allows businesses to continuously benchmark and manage their business- and application-level risk against the baseline of Appdome’s growing monthly data stream of tens of billions of mobile fraud, scam, bot, and cyber threat events globally. These new capabilities add to ThreatScope Mobile XDR’s existing real-time threat intelligence, inspection, and rapid response capabilities.

“On top of lightning-fast incident response, mobile businesses want to benchmark their mobile defense posture against the industry and preempt mobile threats before they escalate,” said Tom Tovar, co-creator and CEO of Appdome. “Mobile businesses don’t want to play ‘whack a mole’ with fraud, scams and cyber-attacks. They want AI-driven reconnaissance and benchmarking plus the rapid and automated response of XDR in one platform. They want to operationalize extended threat management across the full lifecycle of the mobile business.”

As mobile becomes the business, the landscape of fraud and cyber-attacks in the mobile economy has grown significantly. It now includes a wide range of adversaries, such as active hacker communities, criminal organizations, and AI-powered attacks. In this economy, attack vectors such as account takeover (ATO), on-device fraud (ODF), scams, identity theft, bot attacks, and more are proliferating quickly. Mobile businesses switched to Appdome to accelerate their defense time to market, eliminate work, gain automation through machine learning, and build any combination of Appdome’s 10,000+ dynamic defense plugins into mobile apps fast. With Appdome Threat Dynamics, mobile businesses can now leverage the biggest and most diverse data stream of mobile fraud and threat events in the digital economy to take a holistic and continuous approach to threat management. With Threat Dynamics, businesses leverage the power of AI to analyze and benchmark their active attack surface against the active attack surface in billions of Appdome-defended mobile apps. By analyzing this data from multiple perspectives, mobile businesses can see how cyber-attacks, fraud, and threats move across the mobile business and use Appdome’s Threat Dynamics to identify fraud and cyber-attack patterns early on, rank the potential impact of each attack prospectively, and preempt cyber-attacks, fraud, and threats before the attacks proliferate.

“Appdome already improves productivity for dev and cyber security teams, automating engineering work and reducing security review time,” said Eric Newcomer, CTO at Intellyx. “As more attacks target the mobile channel, it is more important than ever to combine fraud and other threat data from the mobile business under a single pane of glass. Appdome’s huge data set and AI-driven defense model give businesses the power to pre-empt fraud and deliver immediate responses to any such threats and attacks.”

Data Siloes and Basic High-Med-Low Severities Are Not Enough.

Mobile businesses need usable and relevant data about the attacks and threats impacting their Android & iOS applications, users, identities, and transactions. However, point products aimed at mobile app security, mobile fraud prevention, KYC checks, and mobile identity only provide one slice of data. These slices are often available in siloed implementations that isolate data to one app, customer, and attack vector only. The same products either can’t or don’t aggregate, analyze, or expose data from all installations, leverage adaptive learning models or apply AI to benchmark trends, virality, or future potential impact of attacks. The output from these systems is often limited to human-defined “true / false” or “high,” “medium,” and “low” severity designations, which fatigue users and lead to false positives and missed attacks.

“Assume you had a service that received all the fraud, bot, cyber-attack, and defense data in the mobile economy,” said Avi Yehuda, CTO of Appdome. “Inside this data set, you can use AI deep learning to continuously analyze, find patterns, and rank billions of threat events in real-time and start to use this data to provide predictive insights and benchmark comparisons that give businesses the power to manage threats as an ongoing part of the business.”

Appdome’s Threat Dynamics leverages AI and Appdome’s big-data footprint to continuously analyze and rank mobile threats, including fraud, malware, and bot trends in its global data set. Using this data, Threat Dynamics continuously calculates a Mobile Risk Index™ for each mobile business and app, providing a holistic, living, and dynamic context to the threat data sent to their ThreatScope instance. Threat Dynamics also shows how fraud, cyber-attacks, and other threats move across mobile apps, releases, installations, devices, users, and networks. With Threat Dynamics, mobile businesses can see which attacks are moving fastest, which mobile applications suffer the most, and which attacks are likely to have the biggest impact on the business. Trends such as Infection Rate, Attack Frequency, Attack Velocity, Cohort Placement, Variance, Projected Impact, and more are provided for each attack, application, release, device, OS, geographic source, and other dimensions.

“Mobile threat intelligence has traditionally looked at data in the rear-view mirror or worse, with blinders on,” said Chris Roeckl, Chief Product Officer at Appdome. “Mobile businesses can’t wait to address the biggest attacks after the fact, waste time trying to manually evaluate threat data from multiple siloes or overreact to the wrong attack. The purpose of Threat Dynamics is to give businesses the power of AI deep learning to allow businesses to preempt attacks and manage and reduce their mobile risk as an active part of the business.”