New capabilities from ThreatMetrix provide an integrity check of the mobile application it’s protecting to ensure it has not been compromised.
Fraud prevention and security solutions specialist ThreatMetrix announced the update to its Fall 2014 product, which includes mobile application security and scans all installed mobile applications to verify their reputation though the company’s Global Trust Intelligence Network.
Thanks to a partnership with threat detection specialist Webroot, this will now be done through integration with the company’s BrightCloud Mobile App Reputation Service to detect the presence of malicious or unwanted apps in order to reduce the risk of personal information theft.
"ThreatMetrix identified a need to augment its mobile SDK with app rep data to help address fraudulent apps. ThreatMetrix and Webroot technologies are complimentary in that ThreatMetrix can use the Webroot app rep service to augment its anti-fraud capabilities," Scott Merkle, vice president of enterprise and OEM sales at Webroot, told eWeek. "Additionally, we sees ThreatMetrix as a strategic partner for the Webroot BrightCloud Mobile App Reputation Service given the broad distribution of its SDK, which provides improved visibility to apps used by end users worldwide."
The new capabilities from ThreatMetrix provide an integrity check of the mobile application it’s protecting to ensure it has not been compromised or contain malware.
In collaboration with Webroot, these new data collection and analysis features, together with existing mobile detection and analysis capabilities, such as root detection, deliver a security risk profile of each user’s device.
"The continued proliferation of smart phones and BYOD in the workplace have provided cybercriminals a prime opportunity to target individuals and businesses, especially through mobile applications loaded onto relatively unsecured devices by unsuspecting individuals," Merkle said. "The Webroot Mobile Threat Research team continues to see a steady growth in the percentage of applications that exhibit malicious or suspicious behavior, such as accessing contacts, geo-location and other personal information, and sending data to unauthorized remote locations."
He explained consumers risk having their personal information stolen, which can then be used to open fraudulent accounts, create bogus identities, or access banking information.
For instance, in some regions a common tactic is to send SMS messages to paid services, enabling cybercriminals to make money off the owner of the phone.
In addition, the Persona DB capability enables organizations to privately store user or customer-identifying attributes, characteristics, and behaviors.Any data relevant to authorizing visitor access can be stored, including information such as normal usage locations, mobile phone numbers for step-up authentication, compromised IP or email addresses, banned country lists for compliance and countless other data elements.
This feature enables ThreatMetrix customers to perform a customizable user, device, and behavior analysis for each access or transaction attempt in real time.
"The trend of more applications on the Android platform – especially from third party sites – continues to grow, and the risk to individuals and businesses will only continue to increase," Merkle said. "As cybercriminals continue to have success against unprotected mobile phones, more will join the fray as it becomes more widely recognized as a potentially easier target to exploit."