Mobile malware

Fraudsters use mobile malware to harvest information or to take administrative control of a device and intercept information such as login credentials or one-time passcodes.

Problem overview

Mobile malware comes in many forms and is distributed in several ways. Clever social engineering schemes are created to get users to download malware onto their devices, most often through a phishing email, SMS text message, or phony app. While Apple iOS is a target, mobile malware predominantly impacts Android devices. Once a device is infected, the malware is capable of hijacking the operating system and taking over the user’s device.

Detecting malware on mobile devices has relied heavily on traditional anti-virus (AV) scanning technologies, which look for the name of the suspicious package and regularly monitor apps and their hashes for the malware. However, as has been witnessed in the online channel for years, AV detection comes with limitations, as malware is designed to change its files frequently in order to evade detection.

Behavioral biometric intelligence looks at swipe events, touch areas, device movement, navigation patterns, and other behavioral cues to detect the presence of malware. When compared to historical genuine sessions, behavioral data provides strong indicators to detect a significant number of mobile malware cases.

How banks use behavior to detect mobile malware 

99%

Detection rate of BioCatch solution for malware attacks

500k

In fraud losses saved over a five-month period


Fraud sessions with malware stopped


The many faces of mobile malware

Nearly three out of four fraud events target users in the mobile channel. Using behavioral data is an innovative way to uncover malware by looking at the way a session is conducted to infer whether it is a human behind the activity or if there are indicators of manipulation. Download the white paper to get an inside look at how behavioral data is being leveraged to detect popular financial malware variants and how global banks are using it to successfully prevent account takeover.

Additional account takeover use cases

Credential Stuffing

Most organizations have bot mitigation controls in place to detect credential stuffing and other automated attacks. To circumvent these controls, fraudsters have started to abuse legitimate open banking platform providers to test batches of credentials and reverted to testing smaller, more frequent batches instead of testing at scale. 

Phishing Site Detection

Over 90% of all cyber attacks start with some form of phishing via email, text message, or phone call. While phishing attempts used to be easy to spot due to multiple spelling errors and poor grammar, fraudsters now have access to AI tools such as ChatGPT to help them craft well-written messages capable of tricking even the savviest users.

SIM Swapping

Financial fraud involving SIM swapping is growing in several regions around the world. Not all cases of stolen device fraud require a SIM swap. In these cases, often carried out by highly organized criminal gangs, fraudsters use password engineering to unlock the device. 

Remote Access Attacks

Legacy fraud prevention controls have limited or no ability to detect remote access attacks. When a RAT is present on a user’s device, the bank’s systems detect a genuine device fingerprint, with no traces of proxy, code injections, or malware, and with the proper IP and geo-location. 

Request an intelligence briefing

Join us for a 30-minute deep dive with a BioCatch expert to learn the latest tactics, techniques, and procedures (TTPs) fraudsters use to scam your customers and harm your brand.
