Malwarelytics: Introducing A Full Mobile Threat Intelligence

We have been incorporating a new round of features into Malwarelytics, and now is the right time to tell you what we have been secretly working on over the past months. Typically, we would release an obligatory “What Is New In The March 2021 Release?” post. But this time, we had to choose a different title. The changes are massive, yet available to all customers as a part of their existing plan.

Lukáš Lukovský, published in Wultra Blog, Mar 9, 2021 (4 min read)


Support for Apple Devices

The story of Malwarelytics started with a single goal: To fortify mobile banking applications against malware attacks on Android. The story continues and we decided to solve an even bigger problem: mobile security. With our fresh new iOS SDK, we also protect Apple devices and we support both mobile platforms in the Malwarelytics console.

Apple device detail shows security-related device flags and on-device events.

Device Flags

With the new SDK release extended with advanced RASP (Runtime Application Self-Protection) detections, we provide unprecedented visibility into potentially insecure devices, as well as local on-device protection.

Device flags indicate potential security issues that are related to the device

The new device flags section shows indications of what problematic properties the device currently has (or had before), for example:

  • Rooted or Jailbroken device
  • Emulator
  • Repackaged source
  • Developer mode
  • Disabled Google Play Protect
  • Enabled HTTP proxy
  • No biometry
  • No screen lock
  • … and more - we will add new device flags regularly

Device Event Timeline

We extended the device detail with another shiny new component that shows all the security-sensitive events that happened on the device recently.

Device events

The events we currently collect include, for example:

  • Authentication related events
  • Network incidents
  • Runtime attacks
  • System lifecycle events
  • User actions and behavior auditing
  • … and more, the list of supported events will be growing and growing.

Installation Attributes

The table of installed and removed APKs on an Android device detail page has a new column with installation timestamps and the detected source installer.

A new installation column in the APKs table shows where the app is coming from

The installation timestamps will help you assess how long a malware app was present on the device, or when a suspicious app was uninstalled. We also help you reveal where the app was installed from. This way, you can see if an app is coming from:

  • Most common app stores (such as Google Play or Samsung Galaxy store)
  • General Android package installer (app installed from an SD card)
  • Preloaded application (app by a device vendor)
  • Other, less known installers

And of course, we also show the source installer of the banking app itself.

We can show you where your mobile banking app comes from

Device Marketing Name

Last but not least, we have listened to your feedback and applied the translation of the raw device model to its corresponding marketing name.

Marketing name of a device, instead of a raw device model name

The marketing names are now present on all lists, on the device detail page, and in the general statistics. The original device model is still there, slightly hidden under a tooltip.

Are you looking for malware protection for your mobile banking or fintech app? Register for Malwarelytics for free! Our trial mode is perfect for evaluation or proofs-of-concept. In case you have any questions, please contact us at hello@wultra.com. We also recommend looking at the Malwarelytics integration tutorial on our developer portal.
