Protect Mobile Apps Against Malware

Mobile apps are an easy target for on-device exploitation as they run on devices outside the enterprise’s perimeter and control. The app binaries and the inspection tools necessary to find exploitable vulnerabilities are freely available, allowing attackers to build and deploy targeted malware, phishing, and network attacks to steal confidential data on the device. In the absence of mobile runtime application self-protection (RASP) capabilities, attackers have repeatedly shown the ability to exploit mobile apps on the user’s device to commit financial fraud and data theft.

green_gears_app

How Your App is Being Exploited On-Device

Use screen overlay attacks to steal credentials

Man-in-the-middle attacks to eavesdrop and redirect sensitive data

Abusing app permissions to record all keystrokes

Abusing inter-app communication to exfiltrate PII

Fake devices/emulators to impersonate real users

Use compromised devices to divert traffic to malicious destinations

How zDefend Secures Mobile Apps

Zimperium zDefend offers an outside-in approach to mobile in-app protection. It’s an SDK that enables the host application to detect and proactively protect itself by taking actions on the end user’s device, even without network connectivity. The SDK leverages z9, Zimperium’s patented machine learning-based threat detection engine. The on-device actions are configured within the application. They can be updated in real-time without publishing a new version making it practical and scalable across large install bases. zDefend’s mobile RASP capabilities allow continuous monitoring, protection, and effective threat modeling within the mobile DevSecOps life cycle.

Key Detections to Prevent Runtime Exploitation

Malware

Unsafe Networks

Emulators

Compromised Devices

Rooting Detection Evasion

Woman hands buying online with a smart phone in the street in front a store

Hooking Frameworks

App Tampering

System Tampering

Privilege Escalation Detection

Device Security Disabled

What zDefend Protects Mobile Apps Against

Download Solution Brief

Platforms Supported

Why Zimperium for RASP Mobile Security?

Advanced machine learning-based
behavior detections

Restrict access & disable
features when risk is unacceptable

Update in-app protection
policies in real time

SDK optimized for size and
performance

Minimal app permissions to
preserve privacy

No PII data taken off the
device

Learn how our customers are leveraging zDefend to proactively prevent fraud and theft

Anti-Malware To Prevent Account Takeover Fraud

A Fortune 500 bank was looking to protect their customers and bankers from malware-driven fraud on their mobile devices. Existing traditional fraud platforms were siloed and provided little threat visibility and protection against fraud attempts via the mobile app. Within the first six months of embedding zDefend in their digital banking apps, they realized that their app was running on 18,000 devices with malware, 120,000 compromised machines, and 2 million risky devices. They are deploying zDefend’s on-device actions to prevent users from accessing and conducting high-risk transactions in untrusted environments to minimize fraud risk and exposure.

Contact Us to Learn More

Prevent Mobile Banking Fraud With Compliance Grade Security

A Fortune 200 bank in Europe was concerned that their current mobile applications security posture was insufficient. Banking regulations mandated anti-malware protection, and they realized signature-based protections were impractical. The enterprise began by embedding zDefend into iOS applications that serve over 5 million customers. In the first six months, they gained visibility into 500+ app tampering attempts, 30,000+ malware infected devices, and 25,000+ risky devices running their apps. They are employing zDefend to embrace compliance-grade security and systematically reduce risk.

Contact Us to Learn More


“Through 2022, mobile application security failures will be the biggest mobile threat for enterprises.”

– The Gartner “Avoid Mobile Application Security Pitfalls” Report
(Refreshed 27 January 2022, Published 27 July 2020; Dionisio Zumerle)

Recommended Reading

Sign Up For Our Newsletter

Get the latest Mobile Security News and Updates in your inbox

Get started with Zimperium today