Hooking and Virtualization/Emulation
Description
Hooking involves attaching frameworks like Frida to an application’s APIs to intercept data. This can allow reverse engineering, data extraction, and manipulation of the application at runtime. Detecting hooking frameworks can also reveal the use of virtualization.
Virtualization or emulation refers to running the application in virtualized environments like iOS or Android device emulators. App development frameworks like Android Studio usually contain emulators for debugging and instrumentation. Emulators may be used for attacks as well as development.
Response Guidance
Hooking and virtualization/emulation should not occur during normal use. Verimatrix recommends suspending the associated app instances. If these attacks become more frequent, consider redeploying the app with a new protection run that benefits from polymorphism.