Virtualization and Simulator Detection

MAD allows the application to identify whether it is running in a virtualized or simulated environment, rather than on a real physical device. This type of environment is often used maliciously for controlled analysis of the application, automation of interactions, and execution of large-scale attacks, increasing the attack surface and facilitating attempts at reverse engineering or manipulation of behavior.

This detection is essential to prevent malicious actors from analyzing, manipulating, or automating the application's operation in artificial environments, which do not represent legitimate usage conditions and can be exploited for abusive testing, targeted attacks, or mass execution of automated actions.

Technical Mechanism: MAD performs virtualization detection through the combined analysis of execution environment indicators, assessing operating system characteristics, available hardware behavior, inconsistencies in physical sensors, and anomalous execution patterns. From the correlation of these signals, the RASP identifies attempts to run outside the legitimate usage environment and triggers the configured response measures, reducing the application's exposure to automated attacks and improperly controlled environments.

<key>anti-simulator</key>
    <true>