Virtualization and Emulator Detection

Emulators are legitimate tools widely used during the development and testing of applications. However, these environments are often exploited by fraudsters to create device farms, known as device farms, with the goal of automating interactions, simulating multiple users and carrying out large-scale frauds .

MAD allows the application to identify if it is running in an emulated or virtualized environment, rather than on a real physical device. This type of detection is essential to prevent malicious actors from analyzing, manipulating or automating the application's behavior in artificial and controlled environments, commonly used for reverse engineering, abusive testing, targeted attacks and mass execution of automated actions.

Technical Mechanism: MAD detects emulation and virtualization by analyzing a combination of runtime environment indicators, including characteristics of the virtualized hardware, properties of the operating system, inconsistencies in physical sensors, performance patterns and typical artifacts of emulated environments. From this correlation of signals, the RASP identifies attempts to run the application outside its legitimate usage environment and triggers the configured response measures, aiming to mitigate automated attacks, prevent improper virtualization of the application and reduce the attack surface.

<emulatorDetection> 
    <enabled>true</enabled> 
</emulatorDetection>