Summary is AI-generated, newsdesk-reviewed
  • Mobile bots bypass security using emulators, runtime tools, and repackaged apps.
  • Bots perform account takeovers and payment fraud within insecure mobile apps.
  • Over 600 bot samples in recent campaigns highlight the growing mobile security threat.

Zimperium has drawn attention to the increasing risk posed by mobile bots operating within trusted applications.

These bots represent a new kind of automation: they sidestep conventional controls such as CAPTCHAs, rate limits, and multi-factor authentication, which makes them nearly indistinguishable from real users and enables fraud at scale.

Distinguishing mobile bots

Unlike their web-based counterparts that generate suspicious network traffic, mobile bots operate on the client side, embedded within the application.

They drive the app's own APIs, sessions, and internal logic, so each request reaches the backend looking exactly like one a real user would generate.

This tactic results in various forms of fraud, including account takeovers, loyalty abuse, and payment fraud, especially in apps insufficiently equipped to counter these threats.

Techniques employed by mobile bots

Mobile bots use a range of techniques to stay undetected and to scale, including:

  • Emulators & Device Farms – Imitate thousands of real devices concurrently.
  • Runtime Injection Tools – Modify app logic in real time to bypass security protocols.
  • Repackaged Apps – Integrate bot code into modified versions of authentic applications.
  • Malware on Devices – Intercept app communication and automate internal actions.
  • Accessibility Abuse – Simulate user interactions like tapping, typing, and navigation within apps programmatically.

Together, these methods make mobile bots both harder to detect and easier to scale.
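The techniques above, and the earlier point that bot traffic looks legitimate to the backend, both imply that a server cannot rely on request shape alone; it has to weigh the telemetry the client reports about its own environment. The following Python sketch is an added example, not Zimperium's code nor anything from the original article: it scores a session against the five techniques listed (emulator fingerprints, device reuse typical of farms, signing-certificate mismatch from repackaging, injected hooking libraries, and the machine-regular input timing that accessibility automation produces). Every field name, marker string, threshold and sample session is an assumption constructed for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass
from statistics import mean, pstdev

# Digest of the app's legitimate signing certificate. Constructed placeholder;
# a real backend pins the digest of its actual release certificate.
EXPECTED_CERT_SHA256 = "a3b1c4d9e8f7a6b5c4d3e2f1a0b9c8d7e6f5a4b3c2d1e0f9a8b7c6d5e4f3a2b1"

# Substrings commonly seen in Build.FINGERPRINT of Android emulators
# (goldfish/ranchu are the AOSP emulator kernels). Assumed marker list.
EMULATOR_MARKERS = ("generic", "goldfish", "ranchu", "sdk_gphone", "vbox86", "genymotion")
# Library names that betray common runtime-injection frameworks. Assumed list.
HOOKING_MARKERS = ("frida", "gadget", "xposed", "substrate", "riru")
# Accessibility services a real user plausibly runs (e.g. a screen reader);
# anything outside this allowlist is treated as suspect. Assumed allowlist.
ACCESSIBILITY_ALLOWLIST = {"com.google.android.marvin.talkback/.TalkBackService"}

BOT_THRESHOLD = 50          # assumed: score at or above this is treated as a bot
MAX_ACCOUNTS_PER_DEVICE = 3  # assumed: more than this on one device looks like a farm


@dataclass(frozen=True)
class Telemetry:
    """Per-session environment data the client reports (constructed schema)."""
    account_id: str
    device_id: str
    build_fingerprint: str
    cert_sha256: str
    loaded_libs: tuple[str, ...]
    accessibility_services: tuple[str, ...]
    tap_intervals_ms: tuple[float, ...]  # time between consecutive taps


def score_session(t: Telemetry, accounts_on_device: int) -> tuple[int, list[str]]:
    """Return (risk score 0-100, human-readable reasons) for one session."""
    score, reasons = 0, []

    # Emulators & device farms: emulator build strings and many accounts per device.
    if any(m in t.build_fingerprint.lower() for m in EMULATOR_MARKERS):
        score += 40
        reasons.append("emulator fingerprint")
    if accounts_on_device > MAX_ACCOUNTS_PER_DEVICE:
        score += 30
        reasons.append(f"device farm: {accounts_on_device} accounts on one device")

    # Repackaged apps: the signing certificate no longer matches the release build.
    if t.cert_sha256.lower() != EXPECTED_CERT_SHA256:
        score += 50
        reasons.append("repackaged app: signing certificate mismatch")

    # Runtime injection: hooking frameworks loaded into the process.
    hooked = [lib for lib in t.loaded_libs if any(m in lib.lower() for m in HOOKING_MARKERS)]
    if hooked:
        score += 40
        reasons.append("runtime injection: " + ", ".join(hooked))

    # Accessibility abuse: unknown services driving the UI.
    unknown = [s for s in t.accessibility_services if s not in ACCESSIBILITY_ALLOWLIST]
    if unknown:
        score += 20
        reasons.append("unlisted accessibility service: " + ", ".join(unknown))

    # Scripted input: humans are jittery, automation is metronomic.
    if len(t.tap_intervals_ms) >= 5:
        if pstdev(t.tap_intervals_ms) < 5.0 and mean(t.tap_intervals_ms) < 150.0:
            score += 30
            reasons.append("machine-regular input timing")

    return min(score, 100), reasons


def is_bot(t: Telemetry, accounts_on_device: int) -> bool:
    return score_session(t, accounts_on_device)[0] >= BOT_THRESHOLD


# Constructed sample sessions, one per scenario.
REAL_FP = "google/raven/raven:14/UP1A.231005.007/10754064:user/release-keys"
CLEAN_LIBS = ("libc.so", "libart.so", "libandroid_runtime.so")
SAMPLE_SESSIONS = {
    "legit": Telemetry("u1", "dev-a", REAL_FP, EXPECTED_CERT_SHA256, CLEAN_LIBS, (),
                       (312.0, 188.5, 540.2, 91.7, 402.3)),
    "emulator_farm": Telemetry("u2", "dev-b",
                               "google/sdk_gphone64_x86_64/emu64x:13/TE1A.220922.031/9603347:userdebug/dev-keys",
                               EXPECTED_CERT_SHA256, CLEAN_LIBS, (), (100.0, 100.0, 101.0, 100.0, 99.0)),
    "repackaged_frida": Telemetry("u3", "dev-c", REAL_FP, "deadbeef" * 8,
                                  CLEAN_LIBS + ("libfrida-gadget.so",), (),
                                  (250.0, 410.5, 130.2, 333.9, 275.4)),
    "accessibility_bot": Telemetry("u4", "dev-d", REAL_FP, EXPECTED_CERT_SHA256, CLEAN_LIBS,
                                   ("com.example.autoclicker/.ClickService",),
                                   (120.0, 121.0, 119.0, 120.0, 120.0)),
}
ACCOUNTS_PER_DEVICE = {"dev-a": 1, "dev-b": 12, "dev-c": 1, "dev-d": 1}


def triage(sessions: dict[str, Telemetry]) -> dict[str, tuple[int, list[str]]]:
    return {name: score_session(t, ACCOUNTS_PER_DEVICE[t.device_id]) for name, t in sessions.items()}


if __name__ == "__main__":
    for name, (score, reasons) in triage(SAMPLE_SESSIONS).items():
        print(f"{name:18} score={score:3}  {reasons}")
```

Each of these signals is collected on a device the attacker controls, so any one of them can be spoofed by exactly the runtime-injection tools the list describes; that is why the example sums several independent signals rather than trusting one, and why in production the reported values should be bound to a hardware-backed attestation (Play Integrity on Android, App Attest on iOS) rather than taken at face value.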

Enterprise risks and current threat landscape

Mobile applications have become critical access points for customer interactions, including logins, bookings, payments, and even healthcare records, and some also underpin core enterprise functions. Mobile bots have therefore grown from a nuisance into a significant business risk.

These bots run either from attacker-controlled infrastructure built on emulators and device farms, or silently on compromised devices, where they commit fraud or spread malicious links. Recent investigations have identified over 600 bot samples and more than 50 dropper variants, underscoring how quickly this threat is growing.
