Real-time AI for instant classification of new malware variants

Published: 19/12/2023

In the realm of banking and financial institutions, the specter of new malware variants looms as an imminent security challenge.

Traditionally, new malware is identified only after it inflicts harm. Investigators carefully examine traces and patterns, deciphering its signature after the attack, to then fortify defenses for future encounters.

However, in today's landscape, new malware variants arise and propagate swiftly on a vast scale, making this conventional approach vulnerable to exorbitant losses and severe reputational harm.

This is why banks must mitigate the perils posed by new malware variants by adopting proactive threat detection systems and by introducing appropriate incident response protocols.

In this article, we'll explain what new malware variants are and how Cleafy leverages real-time AI for their instant classification.

What are new malware variants?

A new malware variant is a new version of malware that has been created starting from an existing malicious software codebase. It is therefore new and unknown: it has not yet been discovered, analyzed, or classified by security researchers or antivirus companies.

It poses a significant threat to companies because traditional security measures and antivirus software may not be equipped to identify or defend against it, and cybercriminals can use it to attack infected systems without being detected.

A new malware variant is typically distributed through various vectors, including malicious email attachments, compromised websites, mobile application stores, phishing websites, and smishing messages containing links.

Once the malware gains remote access control of the targeted device (Device Takeover, DTO), it can perpetrate fraud via Account Takeover (ATO) or via transaction tampering (Automated Transfer System, ATS), by stealing sensitive data and credentials or by reading OTP codes.

To defend against new malware variants, organizations and threat hunters need to employ advanced threat detection and analysis techniques, such as content integrity checks, behavior-based analysis, or anomaly detection supported by dedicated ML and AI engines.

What is malware classification?

In the cybersecurity world, a new malware variant is born every day. Starting from a well-developed and tested malicious codebase, criminal organizations create variants to hit specific banks via well-targeted campaigns.

This is particularly true in the mobile segment, where cybercriminals see more opportunities to attack customers and perpetrate fraud. The more we use our mobile devices, the higher the chances of falling into cybercriminals' traps.

The ability to quickly detect new malware variants is essential to prevent your customers from being hit.

When it comes to malware, the term classification refers to the process of identifying the malicious codebase, also called the 'malware family', that the new variant belongs to. This is a crucial step for isolating the so-called malware signature.

A malware signature is a unique, recognizable pattern or piece of code within malicious software that allows antivirus and security software to identify and detect the presence of that specific malware.

Why is malware classification important?

Malware classification and signature identification are generally a complex process, which might take weeks or months depending on the technology used, the experience of the analysts, and the complexity of the threat itself.

Malware is detectable only once its signature has been identified.

Detection is based on matching the telemetry received from the client's systems against the database of malware signatures.

An effective classification of new malware variants allows cybersecurity professionals to understand the nature and behavior of these threats, enabling them to create timely solutions to safeguard systems and networks.

Moreover, categorizing and tracking new malware facilitates the development of better proactive security measures and helps organizations stay ahead of cybercriminals, reducing the potential impact of attacks.

Real-time AI is a new player that already has a crucial role: it helps analysts dramatically speed up the classification and identification process, so they can work faster to protect online banking customers.

How Cleafy works against new malware variants

By combining multiple patented technologies, Cleafy has proved highly effective in detecting new malware variants before they strike.

Thanks to the full content integrity check, our platform can detect the slightest tampering within the content of the app or web app, and create detailed reports that are sent in real time to the central intelligence, the ASK system.

What makes Cleafy so powerful is that the ASK system leverages our AI engine, which is continuously enriched with the information gathered by Cleafy LABS, our Threat Intelligence team. This means that we include the details of even the most advanced malware that might target your customers.

A rich database of malware families is essential to classify any variants of those families. Thanks to Cleafy technology, the TI team has identified brand new malware families over the years, starting from so-called zero-day malware.

You might have heard of the Teabot and Sharkbot families, which include advanced techniques to perpetrate fraud via remote-access ATO or even ATS.

Once the new malware variant is detected on your digital channels, Cleafy allows you to set up the most appropriate response, tailored to the customer's needs, via smart rules.

How Cleafy leverages real-time AI for instant classification of new malware variants

At Cleafy, we have developed a brand new AI module to further enhance our malware classification capabilities. Let's see how it works.

The Cleafy platform has complete visibility of what's happening on the bank's digital channels, including every micro-detail of each session. This makes it possible to detect any anomaly within the banking app or on the customer's device.

When an anomaly is detected, the session is marked as anomalous, and the bank's fraud team gets alerted.

At the same time, the Cleafy platform sends a detailed report to the central intelligence, the ASK system.

That's when our new advanced AI module kicks in, classifying the new malware in seconds: the malware family is identified and the new malware's signature is isolated.

The new AI module leverages a machine learning model trained on high-quality data collected by the Cleafy platform over the years and across all our clients: millions of transactions, detailed reports, and the human expertise of our team.

With the new AI-driven development, Cleafy brought the classification of new malware variants from days/weeks to minutes/seconds!

The newly isolated malware signature is immediately propagated to all instances of the Cleafy platform, not only to the client where the new malware first appeared. That means all of Cleafy's customers can detect the new malware in real time, a few minutes after the new variant's first appearance.

How Cleafy works against new malware variants

It is important to stress another point here: detection of the newly classified malware happens in real time, because with Cleafy technology there is no need to carry out any time-consuming retro-matching activity before the new malware can be detected on your customers' devices.

We call this continuous matching: the capability to detect malware in real time as it appears.
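To make the distinction between continuous matching and retro-matching concrete, here is a toy model of the workflow described above (signature isolated at one instance, pushed to a shared registry, matched live on every instance's incoming reports). This is an added example, not Cleafy's code: the ASK system is reduced to a plain registry, the AI classification step is replaced by a hand-supplied family label, and the bank names, session ids, tampering fragment and family name are all constructed.

```python
import hashlib
from dataclasses import dataclass, field

def fingerprint(injected: str) -> str:
    """Signature of a tampering pattern: hash of the fragment the integrity check flagged."""
    return hashlib.sha256(injected.encode()).hexdigest()

@dataclass
class Instance:
    """One deployment of the platform at a bank (constructed for the example)."""
    name: str
    signatures: dict = field(default_factory=dict)   # fingerprint -> malware family
    history: list = field(default_factory=list)      # reports already received

    def ingest(self, event):
        """Continuous matching: each report is checked against the current signature
        set as it arrives. An empty 'injected' field means the integrity check passed."""
        self.history.append(event)
        if event["injected"] == "":
            return None
        return self.signatures.get(fingerprint(event["injected"]))

    def retro_match(self):
        """Retro-matching, shown for contrast: re-scan stored reports after an update."""
        return [(e["session"], self.signatures[fingerprint(e["injected"])])
                for e in self.history if fingerprint(e["injected"]) in self.signatures]

class Registry:
    """Central signature store that pushes to every instance (stand-in for the ASK
    system; the family label is supplied by hand here, not by a model)."""
    def __init__(self, instances):
        self.instances = instances

    def publish(self, injected, family):
        sig = fingerprint(injected)
        for inst in self.instances:
            inst.signatures[sig] = family
        return sig

def demo():
    bank_a, bank_b = Instance("bank_a"), Instance("bank_b")
    registry = Registry([bank_a, bank_b])
    overlay = "<div id='fake-login'>"  # constructed tampering fragment
    first = bank_a.ingest({"session": "a-1", "injected": overlay})   # unknown variant: anomaly only
    registry.publish(overlay, "FamilyX")                              # classified once, pushed to all
    second = bank_b.ingest({"session": "b-1", "injected": overlay})  # live hit at bank B, no re-scan
    clean = bank_b.ingest({"session": "b-2", "injected": ""})        # untampered session
    return first, second, clean, bank_a.retro_match()
```

The report that arrived before classification is only recoverable by re-scanning history, while every report after the publish step is matched as it arrives.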

Protect your customers against new malware variants

Thanks to the real-time AI mechanisms developed by our team, we are able to quickly classify new malware and therefore isolate its signature.

Then, thanks to our continuous matching approach, we can instantly propagate this signature to all our clients and use it for real-time detection.

At that point, if the new malware is actually detected, the bank's analysts get everything they need to understand where it appeared and what it is capable of directly within the platform, together with suggestions for the response rules to activate to ensure an optimal security posture.

The benefit is that every bank inside Cleafy's network is protected in real time against new malware variants, without having to be hit first.

If you want to leave any malware behind, book a free consultation with our experts.