Darwinium Updates Mobile SDKs to Continuously Detect Remote‑Access Scams for Banks and Fintech
What Happened — Darwinium announced enhancements to its Android and iOS SDKs that continuously monitor mobile sessions for remote‑access fraud signals such as live‑call hijacking, screen‑sharing abuse, app cloning, emulator use, multi‑profile devices, and GPS spoofing. The updates are aimed at banks, payment providers, and other digital businesses that embed the SDK in customer‑facing apps.
Why It Matters for TPRM —
- Remote‑access scams can bypass point‑in‑time authentication, exposing your organization to financial loss and regulatory breach.
- Continuous‑session monitoring expands the security perimeter of any integrated partner, reducing downstream fraud risk.
- Early visibility into session‑level abuse helps satisfy AML, KYC, and PCI‑DSS monitoring requirements.
Who Is Affected — Financial services (banks, payment processors, fintech), digital commerce platforms, gaming & gambling operators, and any SaaS that embeds mobile SDKs for transaction flows.
Recommended Actions —
- Review contracts with mobile‑app vendors to confirm they incorporate Darwinium’s latest SDK or an equivalent continuous‑session monitoring solution.
- Validate that the SDK is deployed across all customer‑facing apps and that logs are fed into your SIEM for third‑party risk dashboards.
- Update your TPRM questionnaire to include questions on remote‑access fraud detection capabilities.
Technical Notes — The SDK leverages behavioural analytics to flag live‑call activity on Google Meet, Microsoft Teams, and Slack, and distinguishes benign casting from malicious screen‑sharing tools (e.g., TeamViewer). New checks cover app cloning, iOS‑on‑macOS emulation via PlayCover, component‑hash integrity, multiple user profiles, and mock GPS locations. No CVEs are disclosed; the update is a preventive control. Source: Help Net Security