Appdome Breaks the Surge in Android & iOS Trojans Globally

Extends leadership in Account Takeover Protection (ATO) with 24 new Dynamic Defense Plugins Targeting Banking Trojans, Trojan Spyware, and RATs

REDWOOD CITY, Calif., Feb. 4, 2025 /PRNewswire/ -- Appdome, the leader in protecting mobile businesses, today announced a platform upgrade that includes 24 new dynamic defense plugins targeting hundreds of Banking Trojans, Trojan Spyware, and Remote Access Trojan malware across Android and iOS apps. The new plugins for Appdome's patented AI-Native XTM Platform are designed to use in-app behavioral analysis to combat the prolific rise in trojan malware targeting mobile banking, fintech, trading, mCommerce, and other Android and iOS apps. Like all Appdome defenses, each of the 24 new dynamic defense plugins targeting trojan attacks is available by choice using the Appdome platform without the need to integrate code, perform manual coding, implement SDKs, or deploy servers.

"The surge of trojan malware and fraud is top of mind in the mobile economy," said Tom Tovar, co-creator and CEO of Appdome. "We study more than 5 billion data points every week to understand how polymorphic trojan malware behaves and design defenses that are purpose-built for the job of defeating each type of trojan threat."

The rise of Mobile Banking Trojans, Trojan Spyware, and Remote Access Trojans (RATs) has become a significant threat to the mobile economy. Attackers are developing increasingly sophisticated trojan malware to exploit users of Android and iOS applications. These attacks are no longer limited by geographic boundaries. In addition, AI-powered attack generation and mutations have arrived in full force. Banking Trojans like Xenomorph and SharkBot target mobile banking apps, overlaying fake login screens to steal credentials and bypass multi-factor authentication. Meanwhile, Trojan spyware such as Pegasus has demonstrated how nation-state-grade surveillance tools can infiltrate mobile devices, exfiltrate sensitive data and track users. RATs, like BRATA, take the threat further by granting attackers full control over infected devices, allowing them to siphon funds, intercept communications, and even perform factory resets of devices to erase attack residue. As AI-driven automation, on-device fraud (ODF) tactics, and sophisticated evasion techniques proliferate, mobile commerce, fintech, and mobile banking platforms are at increasing risk of exploitation and compromise.

"Banking Trojans, Trojan Spyware, and Remote Access Trojans present multiple threats to a mobile business and user," said Richard Stiennon, Chief Research Analyst at IT-Harvest. "Appdome's model of using defense plugins gives mobile brands and businesses the power to choose which threat to detect and how to defend against that threat."

The Appdome platform generates dynamic defense plugins to protect mobile applications based on business needs. Once added to a mobile application, these plugins analyze mobile application behavior, user interactions, and network and system operations at runtime, enabling proactive detection and prevention of attacks. Where SDKs deliver static defense checks or route traffic to attestation servers, Appdome's dynamic defense plugins do the work inside Android & iOS applications to provide an inherently self-adaptive, self-intelligent detection scheme capable of detecting even the most sophisticated and polymorphic Trojan malware. These dynamic defense plugins can also inform, instruct and take instruction from the mobile application or mobile backend, providing seamless defense to any class of attack.

The new 24+ Appdome mobile defense plugins that target specific trojan malware and spyware in the expanded Appdome Account Takeover (ATO) offering include:

For Mobile Banking Trojans:

• Accessibility Malware: Blocks unauthorized exploitation of Android accessibility services, such as preventing malicious overlays, input manipulation, and automated attacks.
• ATS Malware: Prevents unauthorized automation of banking transactions and detects real-time attempts to manipulate app sessions.
• BrasDex Trojan: Provides proactive protection against BrasDex trojan by thwarting its keylogging and credential theft mechanisms using advanced behavioral analysis.
• Xenomorph Trojan: Safeguards against Xenomorph trojan attacks by identifying and blocking unauthorized overlays and phishing attempts targeting user credentials.
• PixBankBot Trojan: Defends against PixBankBot by preventing the trojan's ability to intercept and manipulate banking transactions on infected devices.
• PixPirate Trojan: Protects mobile users from PixPirate by disrupting its session hijacking and credential exfiltration tactics through real-time anomaly detection.
• SpyNote Trojan: Stops SpyNote trojan by blocking its remote access capabilities and preventing unauthorized data exfiltration from compromised devices.
• Joker Trojan: Combats Joker trojan by identifying its SMS interception and subscription fraud attempts, ensuring mobile user security and app integrity.
• Octo Trojan: Defends against Octo trojan by disrupting its on-device fraud execution and preventing data leakage with embedded AI-driven defenses.
• Blank Bot: Secures apps from Blank Bot by detecting its automated attacks aimed at stealing user credentials and disrupting its login attempt manipulation.
• Godfather: Provides a robust defense against Godfather trojan by monitoring app behavior and blocking its attempts to access and exploit sensitive banking information.
• Toxic Panda: Protects from stealing login credentials and credit card details by manipulating Android accessibility with Android app overlay attacks and SMS interception.
• Cloak & Dagger: Detects unauthorized use of Android accessibility features and prevents invisible overlays or touch events that aim to steal sensitive information.
• Gold Pickaxe: Prevents unauthorized MDM installations that are used to gain remote control over devices, phishing overlays, credential theft mechanisms, and unauthorized access to sensitive user data on iOS devices.

For Mobile Spyware Trojans:

• Pegasus Spyware: Mitigates Pegasus spyware threats by blocking zero-click exploitation and halting its covert surveillance and data exfiltration processes.
• Cerberus: Shields against Cerberus banking trojan by detecting overlay attacks and disrupting its credential-stealing operations in real time.
• AgentTesla: Prevents AgentTesla attacks by intercepting its keylogging and data-stealing activities through dynamic runtime analysis and payload blocking.
• DarkComet: Protects against DarkComet by detecting its remote access commands and preventing malicious file manipulation or user surveillance.

For Remote Access Trojans (RATs):

• SpyNote RAT: Protects against SpyNote RAT by detecting and blocking its remote administration and data exfiltration mechanisms through runtime behavioral analysis.
• AndroRAT: Neutralizes AndroRAT attacks by preventing its remote access capabilities, such as file manipulation and keystroke logging, through advanced payload detection.

For Task Hijacking:

• Prevent Task Hijacking: Blocks Android apps from unauthorized screen overlays and secured the app's task management system.
• Detect Strandhogg 2.0: Detects and blocks malicious app masquerading attacks that exploit vulnerabilities in the Android multitasking system, prevents unauthorized privilege escalation and the hijacking of legitimate app sessions.

For Logging Attacks:

• Prevent Android Logging Attacks: Disables Android log function calls to prevent data leakage and attacks via logging infrastructure, such as log4j.
• Prevent iOS Logging Attacks: Prevents log function calls in an iOS device, preventing sensitive data from leaking to malicious actors.

Each specific attack vector represents a trojan malware class, so brands and businesses can expect each Appdome defense to detect and block the source or original trojan attack as well as its variants. Appdome Platform uses real-time behavioral analysis to detect the behaviors and methods that the multitude of banking trojans, trojan spyware and RATs use to exploit mobile users. As a learning system, Appdome is constantly evolving to ensure continuous defense against trojan malware and threats.

"With this update, we're providing granular detection and response control against a massive variety of Android & iOS trojan malware," said Chris Roeckl, Chief Product Officer at Appdome. "Where siloed point products can only touch these threats tangentially, our big data footprint and AI-native delivery model means that we're uniquely positioned to detect each specific threat and help mobile businesses stay ahead of the curve in known and zero-day threats."

Like all Appdome mobile app defenses, the new Trojan defense features combine the power of choice-driven defense in depth, and no-code, no SDK delivery with innovative on-device detection, defense, and intelligence options to satisfy any implementation objective. All Android & iOS Trojan Plugins are available with Appdome's Threat-Events™ Intelligence and Control Framework and ThreatScope™ Threat Analytics service. Threat-Events allows mobile brands to gather data on each attack, control the user experience and create beautiful on-brand mobile experiences when attacks happen. Mobile brands can use Threat-Events to create unique workflows and user messages leveraging the power of their brand voice when threats are present. Mobile businesses can track and monitor banking trojan, trojan spyware and Remote Access Trojan attacks via Appdome's ThreatScope™, either before or after the deployment of the anti-trojan features.

Learn more about and request a demo of Appdome Android and iOS Trojan Protection.

About Appdome
Appdome's mission is to protect every mobile business and user in the world from scams, fraud, bots, and hackers. Mobile businesses, mobile apps, mobile platforms, operating systems, and threats constantly change. Appdome's patented AI-Native XTM Platform is designed to instantly accommodate these changes by automating every aspect of mobile application and business defense – from design to build, certification, monitoring, response, support, and resolution. Appdome uses AI to deliver a growing list of 10,000s of dynamic defense plugins created to address 400+ mobile app security, anti-fraud, bot defense, anti-malware, geo compliance, social engineering, deep fake and other attack vectors on demand. Mobile applications that are built using Appdome are Certified Secure™ at build time, eliminating the need for coding, SDKs, server attestation, work, and complexity in the cyber defense lifecycle. Appdome also uses AI inside its ThreatScope™ Mobile XDR, to continuously calculate a Mobile Risk Index™ for businesses and applications as well as rank and preempt attacks in real-time. In Appdome's Threat Resolution Center™, Appdome uses GenAI to provide customer support and care teams a quick and easy way to provide end-user threat resolution and remediation. All of Appdome's in-app and bot defenses can be used with Appdome's Threat-Events™ intelligence framework. This framework gathers threat and attack metadata, and is used to inform the application, application SDKs and back end network components when threats are present or to create customized threat responses inside Android & iOS apps. As a platform, Appdome also functions as a continuous compliance center, tracking all builds, changes, teams, users, defense configurations, events and more for quick and easy audit of the mobile defense lifecycle. Appdome holds several patents including U.S. Patents 9,934,017 B2, 10,310,870 B2, 10,606,582 B2, 11,243,748 B2 and 11,294,663 B2. Additional patents pending.

View original content to download multimedia:https://www.prnewswire.com/news-releases/appdome-breaks-the-surge-in-android--ios-trojans-globally-302367506.html

SOURCE Appdome