HomeIntelligenceBrief
BREACH BRIEF⚪ Informational ThreatIntel

Darwinium Updates Mobile SDKs to Continuously Detect Remote‑Access Scams for Banks and Fintech

Darwinium has released new Android and iOS SDK capabilities that monitor mobile sessions for remote‑access fraud signals—including live‑call hijacking, screen‑sharing abuse, app cloning, emulator use, and GPS spoofing—helping banks, payment providers, and digital businesses stop scams that bypass traditional point‑in‑time checks.

LiveThreat™ Intelligence · 📅 May 20, 2026· 📰 helpnetsecurity.com
Severity
Informational
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
3 recommended
📰
Source
helpnetsecurity.com

Darwinium Updates Mobile SDKs to Continuously Detect Remote‑Access Scams for Banks and Fintech

What Happened — Darwinium announced enhancements to its Android and iOS SDKs that continuously monitor mobile sessions for remote‑access fraud signals such as live‑call hijacking, screen‑sharing abuse, app cloning, emulator use, multi‑profile devices, and GPS spoofing. The updates are aimed at banks, payment providers, and other digital businesses that embed the SDK in customer‑facing apps.

Why It Matters for TPRM

  • Remote‑access scams can bypass point‑in‑time authentication, exposing your organization to financial loss and regulatory breach.
  • Continuous‑session monitoring expands the security perimeter of any integrated partner, reducing downstream fraud risk.
  • Early visibility into session‑level abuse helps satisfy AML, KYC, and PCI‑DSS monitoring requirements.

Who Is Affected — Financial services (banks, payment processors, fintech), digital commerce platforms, gaming & gambling operators, and any SaaS that embeds mobile SDKs for transaction flows.

Recommended Actions

  • Review contracts with mobile‑app vendors to confirm they incorporate Darwinium’s latest SDK or an equivalent continuous‑session monitoring solution.
  • Validate that the SDK is deployed across all customer‑facing apps and that logs are fed into your SIEM for third‑party risk dashboards.
  • Update your TPRM questionnaire to include questions on remote‑access fraud detection capabilities.

Technical Notes — The SDK leverages behavioural analytics to flag live‑call activity on Google Meet, Microsoft Teams, and Slack, and distinguishes benign casting from malicious screen‑sharing tools (e.g., TeamViewer). New checks cover app cloning, iOS‑on‑macOS emulation via PlayCover, component‑hash integrity, multiple user profiles, and mock GPS locations. No CVEs are disclosed; the update is a preventive control. Source: Help Net Security

📰 Original Source
https://www.helpnetsecurity.com/2026/05/20/darwinium-sdk-updates/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Access is where most audits get tested.

Verisq AI Trust Operations maps incidents like this to your access controls and collects the evidence continuously, keeping your SOC 2 posture defensible.

See where you'd stand with Verisq AI Trust Operations →