Build38 logo


August 30, 2022

Mobile services: fraudsters never sleep

Mobile services fraudsters never sleep


Mobile services: fraudsters never sleep

Are you concerned that your company’s mobile apps are being hacked or attacked? Or are you firmly convinced that your mobile business apps are not at risk? At Build38 we have news for you: fraudsters never sleep.

Build38 was founded with a unique approach to Mobile App Security: Protection must be provided at two levels, hardening your mobile apps with strong protection measures from various mobile threats, and providing visibility and insights into how your security is doing. In other words a safe for your assets and an alarm system for them.

With this information, you can gauge your risk and compliance level and get an overview of your security landscape. These insights enable you to adjust your risk and service level or mitigate them early, as you can take specific action with our in-app reaction capabilities. Particularly your security experts and compliance department will value this type of information.

Build38 is sharing here insights and results of a data analysis spanning the month of April. At the same time we want to raise awareness that every app can be a potential target for hacking attempts while dispelling some mobile myths.


Confirming a cliché

You probably already have an idea of what an adversary looks like, likely based on what one can see in movies: a person who often works in secret at night. Here we would like to confirm this cliché:

> In this particular analysis, most hacking attempts actually take place between midnight and 6 a.m. with a peak at 3 a.m. CET while there is less activity in the morning and early afternoon, interrupted by what could be meal breaks. There is much less activity in the later afternoon and evening. It is likely that the attackers go out to dinner, meet with friends, or watch a movie on television _

The key message, however, is that the attacker is busy throughout the day. Fraudsters never sleep.


April 2022: Attacks on apps are happening around the clock.


The long tail of attack attempts

If we look at the distribution of attack attempts per app installed on a single mobile device, Build38 sees that only a few installed mobile apps are attacked with a very high number of attempts. The attack attempts on a single app installation can be as low as about 10.000 times in a week, but we have also seen automated attempts reach a peak of 400.000.

In general, the head of the long tail looks different each week. The head tail of attacks on different installed apps in a given week, includes up to 40, but can include as few as four different app installations. Build38 believes that these cases are highly automated and repeated attack attempts with a high level of criminal energy.

The long tail starts where we see a drastic drop in attack attempts. Here we see less than 5-10 attack attempts within a very short period of time. A fair assumption is that they are hobbyist attackers with some basic app hacking or reverse engineering skills that give up after the Build38 protected app repeatedly reacts self-defending.

CW25/2022: Long tail of attack attempts.


Types of attacks

Build38 registers all types of mobile attacks, ranging from static to dynamic attacks. For a given analyzed week most attempts are dynamic attacks where adversaries attached a debugger to the protected app and tried to understand the call flow of the app.

MITM attacks were also observed trying to capture the communication between the app and the app backend. The use of hooking frameworks indicates that those attackers are sophisticated and have a very good understanding of what they are doing and how to analyze apps.

Looking at the static attack side, most of the cases have been app lifting attempts, probably with the help of easy-to-use tools. This is particularly dangerous because in such cases if successful in distributing stolen apps – the service provider will suffer a significant loss of revenue.

To a lesser extent app repackaging attempts have been detected, which start with reverse engineering (decompiling the app) and adding malicious code or removing code. This type of attack can be attributed to people who have a good understanding of mobile app development as well. 

Mobile myths demystified

For those service providers that are already using Build38 mobile app security technology, they are fully aware of the risks associated with mobile apps and providing mobile services, such as revenue loss, reputational damage and data exfiltration. At Build38 we help them understand their exposure to fraudsters and as we have the visibility of this information across industries, markets and regions, can help them build the best preparation against those risks.

However, if you’re a staunch believer in the phrases “Why would anyone attack our mobile app?” or “We see nothing, so we’re secure” the data presented in this article shows that every app is a potential target for hacking attempts. We are happy to help you identify and understand those, protecting your app and keeping you informed about when, how, and how often your app is a target of hacking attempts.

Getting started with mobile app security for your business app

Providing excellent services through the mobile channel is a big challenge. Building secure applications that win customer trust is an added burden. At Build38 we can help you with that, reducing total costs and time-to-market for providing those services while you focus on your core business.

Strong security has several positive impacts in your business, such as helping you build trust with your customers, securing your reputation online and enable new business-cases. Online businesses have increasingly found themselves under attack from both rogue competitors and cyber criminals, who leverage security vulnerabilities in applications to gain access to sensitive user data or critical business assets. These attacks only reinforce why businesses need to work extra hard to prioritize application security in today’s digital landscape.

Build38 is proud to announce that we have been recognized as a Sample Vendor for the third consecutive year in the Gartner® Hype Cycle™ for Application Security 2022 report. We consider this recognition in the Gartner Hype Cycle for Application Security 2022 is also an assurance of our expertise and ability to protect all kinds of mobile applications from cloning, fraud, IP theft and other forms of abuse. Contact us to learn more about your potential security risks and Build38 mobile app protection solutions.


Related posts

Discover the next generation 
of mobile app security