Back to blog

Malwarelytics: Introducing A Full Mobile Threat Intelligence

Lukáš Lukovský
03/03/2021
Product Updates

We worked on incorporating a new round of features into Malwarelytics and it is the right time now to let you know about what we have been secretly working on over the past months. Typically, we would release an obligatory "What Is New In The March 2021 Release?" post. But this time, we had to choose a different title. The changes are massive, yet available to all customers as a part of their existing plan.

Support for Apple Devices

The story of Malwarelytics started with a single goal: To fortify mobile banking applications against malware attacks on Android. The story continues and we decided to solve an even bigger problem: mobile security. With our fresh new iOS SDK, we also protect Apple devices and we support both mobile platforms in the Malwarelytics console.

Device Flags

With the new SDK release extended with advanced RASP (Runtime Application Self-Protection) detections, we provide unprecedented visibility into potentially insecure devices, as well as local on-device protection.

The new device flags section shows indications of what problematic properties the device currently has (or had before), for example:

  • Rooted or Jailbroken device
  • Emulator
  • Repackaged source
  • Developer mode
  • Disabled Google Play Protect
  • Enabled HTTP proxy
  • No biometry
  • No screen lock
  • … and more - we will add new device flags regularly

Device Event Timeline

We extended the device detail with another shiny new component to show all the events that are security sensitive and happened on the device recently.

The events we currently collect are for example:

  • Authentication related events
  • Network incidents
  • Runtime attacks
  • System lifecycle events
  • User actions and behavior auditing
  • … and more, the list of supported events will be growing and growing.

Installation Attributes

The table of installed and removed APKs on an Android device detail page has a new column with installation timestamps and detected source installer.

The installation timestamps will help you assess for how long a malware app was present on the device, or when a suspicious app was uninstalled. We also help you reveal where the app was installed from. This way, you can see if an app is coming from:

  • Most common app stores (such as Google Play or Samsung Galaxy store)
  • General Android package installer (app installed from an SD card)
  • Preloaded application (app by a device vendor)
  • Other, less known installers
  • And of course, we also show the source installer of the banking app itself.

Device Marketing Name

Last but not least, we have listened to your feedback and applied the translation of the raw device model to its corresponding marketing name.

The marketing names are now present on all lists, on the device detail page, and in the general statistics. The original device model is still there, slightly hidden under a tooltip.

Stay Safe From Mobile Threats

Are you looking for runtime application self-protection or active anti-malware component for your mobile banking or fintech app? Contact us at [email protected], or leave us your e-mail address, and we will get back to you shortly.