Detecting agentic AI malware on mobile devices
Appdome’s new Detect Agentic AI Malware plugin uses behavioral biometrics to detect the techniques that malicious or unauthorized AI Assistants use to interact with an Android or iOS application in real time.
Cybercriminals are now deploying agentic AI malware on mobile devices. According to a report by Appdome, agentic AI assistants such as Apple Siri, Google Gemini, Microsoft Copilot and OpenAI ChatGPT, among others, are increasingly being abused by agentic AI malware and trojans.
These malicious AI assistants exploit the access they are granted to perform data harvesting, session hijacking and account takeover, often under the guise of legitimate AI functionality. On Android, the risk is amplified by more permissive APIs. On iOS, the threats extend to mirroring-based leaks (via AirPlay) and enterprise-targeted surveillance.
According to security researchers, these apps often masquerade as legitimate voice assistants and, once granted access, can silently monitor user activity. Coupled with generative AI models, attackers can then script automated reconnaissance, tampering or replay of sensitive operations inside apps.
As such, detecting and controlling the use of these tools is a must-have capability for any mobile defense strategy. For Appdome, the ability to detect and defend against Agentic AI Malware and unauthorized AI Assistants controlling Android & iOS devices and applications is imperative.
The leader in protecting mobile businesses recently unveiled a new Detect Agentic AI Malware plugin that lets mobile brands and enterprises know when agentic AI applications interact with their mobile apps, and use that signal to prevent sensitive data leaks and to block unvetted on-device AI agents from accessing transaction, account or enterprise data and services.
The plugin's behavioral biometrics cover official, third-party or wrapped AI apps that impersonate trusted tools or gain elevated permissions. Mobile brands and enterprises can use Appdome either to monitor AI assistant use or to detect and defend against agentic AI assistants, with multiple evaluation, enforcement and mitigation options.
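The article does not say which behavioral signals Appdome's plugin uses. As an added illustration of the general idea (not Appdome's code or model), the following Python example scores a run of tap events on three simple regularity features: jitter in timing, in screen position and in pressure. Synthetic input injected by an on-device agent tends to be metronomic and pixel-exact, while a human finger is never quite the same twice. The two event sequences are constructed sample data, and the feature thresholds are assumptions chosen to separate them; a real deployment would learn such thresholds from labelled telemetry.

```python
"""Toy behavioral-biometrics check: does a run of tap events look like a
human finger or like synthetic input injected by an on-device agent?

Illustrative example only; features and thresholds are assumptions, not
Appdome's model. Each event is (timestamp_ms, x_px, y_px, pressure).
"""
from statistics import mean, pstdev
from typing import List, Tuple

TapEvent = Tuple[int, float, float, float]

# Constructed sample data (not captured from a real device).
# A person tapping the same button eight times: timing, position and
# pressure all wobble a little.
HUMAN_TAPS: List[TapEvent] = [
    (0,    512.3, 1420.8, 0.61),
    (418,  509.7, 1424.1, 0.57),
    (871,  514.9, 1418.2, 0.66),
    (1290, 511.0, 1422.7, 0.59),
    (1744, 508.4, 1419.9, 0.63),
    (2133, 513.6, 1425.4, 0.55),
    (2602, 510.8, 1421.3, 0.62),
    (3011, 512.9, 1417.6, 0.60),
]

# The same button driven by a script: fixed interval, pixel-exact
# coordinates, constant pressure.
INJECTED_TAPS: List[TapEvent] = [
    (0,    512.0, 1420.0, 1.0),
    (500,  512.0, 1420.0, 1.0),
    (1000, 512.0, 1420.0, 1.0),
    (1500, 512.0, 1420.0, 1.0),
    (2000, 512.0, 1420.0, 1.0),
    (2500, 512.0, 1420.0, 1.0),
    (3000, 512.0, 1420.0, 1.0),
    (3500, 512.0, 1420.0, 1.0),
]

# Assumed thresholds: below these a feature looks "too regular".
MIN_GAP_CV = 0.03        # coefficient of variation of inter-tap interval
MIN_XY_JITTER = 1.0      # pixels of spread around the mean tap point
MIN_PRESSURE_SD = 0.01   # spread of reported pressure


def tap_features(events: List[TapEvent]) -> dict:
    """Summarise how noisy a tap sequence is. Needs at least three events,
    because variability cannot be measured from one or two intervals."""
    if len(events) < 3:
        raise ValueError("need at least three events to measure variability")
    ts = [e[0] for e in events]
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    xs = [e[1] for e in events]
    ys = [e[2] for e in events]
    ps = [e[3] for e in events]
    avg_gap = mean(gaps)
    return {
        # 0.0 means a perfect metronome
        "gap_cv": pstdev(gaps) / avg_gap if avg_gap else 0.0,
        # combined standard deviation of x and y, in pixels
        "xy_jitter": (pstdev(xs) ** 2 + pstdev(ys) ** 2) ** 0.5,
        # 0.0 means every tap reported identical pressure
        "pressure_sd": pstdev(ps),
    }


def classify(events: List[TapEvent]) -> str:
    """Return 'automated' when at least two of the three features are
    implausibly regular, otherwise 'human'. Requiring two flags keeps a
    single odd feature (e.g. a device that reports no pressure) from
    condemning a real user on its own."""
    f = tap_features(events)
    flags = [
        f["gap_cv"] < MIN_GAP_CV,
        f["xy_jitter"] < MIN_XY_JITTER,
        f["pressure_sd"] < MIN_PRESSURE_SD,
    ]
    return "automated" if sum(flags) >= 2 else "human"


if __name__ == "__main__":
    for name, seq in (("human", HUMAN_TAPS), ("injected", INJECTED_TAPS)):
        print(name, classify(seq), tap_features(seq))
```

A production detector would use many more features (swipe curvature, touch-down/touch-up timing, sensor data during the gesture) and a learned model rather than hand-set thresholds, but the shape of the decision is the same: synthetic input is distinguishable because it is too perfect.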
The challenge in protecting mobile devices
According to Jan Sysmans, Mobile App Security Evangelist at Appdome, trojans and other social-engineering attacks mean that traditional security products are simply not capable of defending against the latest and emerging threats that AI presents.
“We are uniquely positioned to help brands protect their consumers against scams, account takeovers, deepfake, Face ID bypass, and such. At Appdome, we have an AI-native platform to protect mobile business, so that these brands can protect their consumers against scams, fraud, account takeovers, social engineering attacks, deepfake attacks and more. They can protect their business against fraud. They can protect their network against bot attacks and still achieve regulatory compliance without these data and code level protections,” explained Sysmans.
Sysmans pointed out that in 2025 alone, AI-driven attacks such as deepfake and Face ID bypass attacks have completely undermined the trust that companies and users place in biometric authentication.
“We all thought that these annoying liveness checks on mobile devices won't be very good because it's annoying, and it doesn't work, and you've got to position yourself correctly, be in the light and such. But now, this is what it takes to be really secure. However, they're all SDK-based, and they can be bypassed. And the SDK vendors don't have a solution for it. And that's the scary truth,” said Sysmans.
Appdome's telemetry data shows these attacks emerging. What is needed now is an AI-native solution that detects these new threats as they happen and starts defending against them.
“People are spending an enormous number of resources trying to get this right and do all of that stuff. eKYC is predicated upon liveness checks, it's predicated upon face IDs, it's predicated on a whole set of what was considered to be unique methods. But the vendors of those solutions, they're all SDKs, and these criminal organizations have found ways around the SDKs and bypass the SDKs, and that is the scariest part of the story,” he explained.
Crashing apps don’t solve the problem
An interesting point Sysmans highlighted is that Appdome reacts differently when dealing with malware. Most security products crash the app as an enforcement action whenever a threat is detected, but Sysmans pointed out a problem with this.
Most app stores now enforce a very high crash-free rate, which includes keeping Application Not Responding (ANR) rates low, and they generally will not promote apps with high crash rates.
“What Appdome does differently is that we don’t crash an app. Instead, from a technical standpoint, what we do is we use a secure close. And the reason why Appdome doesn’t use crash for defense is that when an app is closed, an attacker can hook into the close process and continue attacking the app. What we found is a way to protect the close process, before we say secure close, so that nobody can hook into the app. So, an Appdome-protected app has no impact on your crash-free rates,” he explained.
At the same time, Sysmans pointed out that most developers today focus on high crash-free rates and on perfecting the user experience. The moment app protections hurt the user experience or increase crash rates, developers go in and take the protections out.
The problem is that when they do, developers don't tell the cybersecurity team. The cybersecurity team therefore assumes the protection is still in place when in reality it has been removed.
The AI vs AI era
For Sysmans, as the world moves toward a war with AI-driven threats, whether in mobile apps, in the cloud or almost anywhere else, the reality is that this is only the beginning of how bad the situation can get.
“The AI transformation has only been around for a few years. For agentic AI, we can say there will be a bigger increase in the second half of the year. This is going to happen fast and if cybersecurity teams want to be relevant, they have to be AI-native. This is where customers and brands need to move. They have to go to an AI-native defense strategy, using AI-native defense solutions to stay ahead of this onslaught that is coming. And that's what we're seeing with our customers and the industry now,” said Sysmans.
Looking at the number of Gen-AI security companies around today, everyone is simply repositioning around AI. For Sysmans, a good AI model is predicated on the data, and he highlighted that Appdome has been using machine learning and AI for many years.
“We're on the fourth generation of our platform right now, for ten-plus years, where we're using machines to build security. And the more data we get, we build our AI engine on that. And so right now we have a very high number of data points that we have used to train our AI engine to be able to correctly build a security model. And then, we use AI to analyze all of this threat telemetry data so that we get to understand the landscape in which an app is,” concluded Sysmans.