The power of virtualization in the fight against mobile-based malware threats

It’s hard to imagine getting through the workday without relying on a mobile device. But that also makes them a valuable target for threat actors and an increasing concern for enterprise IT security administrators.

“Cybersecurity threats have been on the rise over the last decade, and mobile devices are at the forefront of that activity,” explained Amanda Gorton, co-founder and CEO of Corellium, in a recent Daily Scoop podcast interview produced by Scoop News Group and underwritten by Corellium.

With each security mechanism mobile device vendors implement, threat actors evolve and adapt techniques to overcome them, resulting in increasingly sophisticated mobile threat landscape and malware threats, she said.

“The old ways of confronting and handling these threats simply won’t work anymore. Government agencies need new tactics and tools if they want to stay a step ahead… [The Corellium] platform provides a groundbreaking virtual environment for better research development and testing on mobile devices. It gives developers the ability to spin up virtual iOS and Android devices with powerful built-in tools designed by security experts.”

Gorton shared that Corelium runs the same iOS and Android software and applications that would run on an actual device as a true virtualization tool to mimic the exact behavior of a production device and called this “a real game changer for mobile malware and cyber threat teams.”

Gorton discussed some practical ways malware researchers and security specialists can use Corellium to obtain and research malware samples.

“[Virtual devices] can be set up with custom target profiles and then used to attract malware attacks. It’s a practice called honey potting. And since the virtual device is essentially indistinguishable from a real device, It makes an ideal environment for attracting, capturing and analyzing the malware all in one spot,” she examples.

Additionally, virtual devices give security teams a safe place to detonate a suspected malware sample. And within Corellium, specific tools are available to analyze and inspect those malware samples deeply.

“For example, a very common practice in malware analysis is to do what’s called ‘hook a function’ — intercepting a message or an event to get a better idea of what the software is doing and how it’s doing it,” she said.

With Corellium, a researcher can hook at the hypervisor level and get a global view of activity on the device because, as Gorton explains, if the malware is sophisticated enough, it might detect that tools are looking at it. Then the code opts to remain inactive.

Listen to the full interview with Amanda Gorton and learn more about fighting mobile device malware.

You can hear the latest news and trends facing government leaders on technology, management and workforce on FedScoop and channels on Apple Podcasts, Google Podcasts, Soundcloud, Spotify and Stitcher.

This podcast was produced by Scoop News Group for The Daily Scoop Podcast and underwritten by Corellium.

Amanda Gorton is co-founder and CEO of Corellium, a development software that brings the power of virtualization to mobile, running Android, iOS and Linux on ARM-based servers. Combining the fidelity of native devices with the convenience of the cloud, Corellium empowers seamless, scalable solutions for the mobile ecosystem.