Book a meeting

98% of top Android apps do not detect Frida, a common hooking framework 

Fall/Winter, 2024

Most leading Android applications are ill-prepared to detect dynamic instrumentation attacks using Frida. With only about 2% of top apps actively identifying and countering unmodified Frida attempts, this study highlights a widespread vulnerability and an urgent need for improved defenses. As attackers refine their evasion techniques, developers must evaluate if their apps should use more advanced detection methods to protect user data and maintain app integrity.

Read the report to:

  • Discover that only 3 out of 144 tested top-tier Android apps effectively detected Frida’s presence.
  • Learn how attackers modify Frida to bypass traditional detection.
  • Explore how future defenses may rely on machine learning, hardware-based checks, and continuous adaptation to stay ahead of evolving threats.
App Threat Report FallWinter 2024 (1)

Promon discovers Snowblind, a novel Android malware

Q2, 2024

In early 2024, our partner i-Sprint provided a sample of a new Android banking trojan we have named Snowblind. Our analysis of Snowblind found that it uses a novel technique to attack Android apps based on the Linux kernel feature seccomp.

Read the report to:

  • Learn how Snowblind misuses seccomp as an attack vector
  • Understand what Snowblind's goal is, and how it relates to the Android malware FjordPhantom
  • See a demo of Snowblind in action
  • And more!
Copy of snowblind website image

The State of iOS App Security

Q1, 2024

In this report, our team examines iOS app security, specifically if iOS apps can defend against repackaging, which means that an attacker obtains a copy of an app, modifies it and then repackages it into a new version of the app with modified behavior that will successfully run on a device.

Download the report to learn about:

  • Why iOS apps are perceived as more secure, and what is the reality?
  • Bypassing iOS app encryption
  • Risks posed by app repackaging
  • Repackaging prevention and OWASP MASVS compliance
  • The results from our real-world testing of how 100 of the world’s most downloaded iOS apps performed against a standard repackaging attack
The State of iOS App Security

FjordPhantom Malware Defense in Banking Apps

Q4, 2023

In late November, Promon uncovered a new malware targeting banks in Southeast Asia, dubbed FjordPhantom. FjordPhantom was particularly insidious, combining social engineering with advanced malware to commit fraud.

To explore the malware defense posture of banking apps, we looked at how over 100 of the world’s most-used banking apps performed against FjordPhantom. Download the app threat report to discover the results and their implications.

FjordPhantom Malware Defense in Banking Apps

The State of Payment Apps’ Malware Defense

Q3, 2023

In our Q3 report, our team used the screen reader previously used against the world’s most-used financial services apps. This screen reader exfiltrates data like real-world malware. We used this tool to see if we could extract sensitive information from 73 of the world’s most-used payment apps to assess their security level and understand how they tackle a common malware-style exfiltration attack.

Download the report to learn about:

  • Android Accessibility services and how malicious actors exploit them to spread malware
  • The results from our real-world testing of how 100 of the leading Android payment apps fare against screen reader attacks
  • Don’t miss our Security team’s recommendations to stay one step ahead of cyber threats
The State of Payment Apps’ Malware Defense

The State of Financial Services’ Malware Defense

Q2, 2023

Malware continues to target financial services apps. According to SecureList, more than 57,000 banking trojans were observed in Q1 2023, up 19% over Q4 2022. These trojans can steal customer credentials, observe, and record personal data and sometimes conduct transactions.

Download the report to learn about:

  • Android Accessibility services and how malicious actors exploit them to spread malware
  • The results from our real-world testing of how 100 of the leading Android banking and financial apps fare against screen reader attacks
  • Don’t miss our Security team’s recommendations to stay one step ahead of cyber threats
The State of Financial Services’ Malware Defense

The State of Game Security

Q1, 2023

This report reviews mobile gaming security, exploring how the top games by revenue protect themselves against hooking frameworks, repackaging, and rooted devices.

Our Q1 report explores the overall security level for mobile games. To assess that level, we checked more than 350 Android games to see how they fared against our repackaging attacks, deployment of hooking frameworks, and how they handled the detection of a rooted device. Initial results showed that most apps were vulnerable to our attacks.

Cover-page-1

The State of Repackaging

Q4, 2022


Securing today’s mobile applications requires protecting not only the app code while at rest, but also the entire app process when in runtime. As attacks have grown more sophisticated, so too have the tools and techniques to mitigate and protect against these attacks.

Our Q4 report specifically explores repackaging, a code alteration or injection attack primarily directed at Android apps, in particular banking and finance apps. In the report, you will find a short primer on repackaging, followed by a review of the hundreds of financial services apps across various sectors, install bases and regions to assess the overall level of security against this common attack.

The State of iOS App Security