Using machine learning to detect malicious packages

Staying up to date with new technology in today’s advanced digital age is a challenge many, if not all, enterprises face. As more and more organizations begin to implement a successful digital transformation, the need for secure web/mobile applications is becoming increasingly important. 

Spyware in particular is a formidable type of malware that continues to plague the industry. Keyloggers and screen overlays are common scourges of mobile applications. Other types of malware such as SharkBot and Flubot have cropped up and wreaked havoc on enterprises and consumers alike.   

These types of malware can hide in the runtime environment of apps that are released “in the wild”. Keyloggers capture keystrokes of consumers and thus are commonly used to steal credentials and other sensitive data. Overlays such as Magecart.js are used to create “phantom” UIs that encourage consumers to enter data that is then harvested by crackers or bad actors. That data is then either sold on the dark web or used as part of a broader Advanced Persistent Threat campaign.   

How can you prevent these kinds of attacks? 

Digital.ai App Security (formerly Arxan) released our first version of Malicious Package Detection (MPD) in May of 2021. Then, as now, Malicious Package Detection finds harmful software that hides in the runtime of your apps. As of December 22, 2021, we updated our MPD capabilities to include a greater than 10x increase in the size of our virus signature database as well as 24/7 real-time updates to our database. We make updates as information about new forms of malware is detected and collected. Malicious Package Detection comes with App Protection for Android. 

The Digital.ai difference 

The original release, as well as the latest release, features an algorithm that is driven by machine learning to stay up to date with the latest malicious packages. When Malicious Package Detection runs, it performs a scan of all installed apps in the user’s environment. The algorithm is constantly learning and evolving. The original release, as well as the latest release, features an algorithm that is driven by machine learning to stay up to date with the latest malicious packages. When the guard runs, it performs a scan of all installed apps in the user’s environment. The algorithm is constantly learning and evolving. 

As with the original release, this improved Malicious Package Detection works in conjunction with App Aware (formerly known as Threat Analytics) to allow customers to program an app to take defensive action when a Malicious Package is found. The new Malicious Package Detection can be used in conjunction with the many other protections we offer such as Root detection, Frida detection or Virtual Control detection within your Android apps.   

For more information about Malicious Package Detection, contact Digital.ai/support.