Behavioural Analytics & Mobile Malware: Will They Get Along?
13 May 2025

Behavioural analytics is a powerful tool for detecting behavioural manipulation, particularly in the context of scams and social engineering. However, the landscape shifts when it comes to mobile malware. This blog explores the effectiveness of behavioural analytics in detecting mobile malware within consumer journeys and compares it to other methods such as device risk engines and threat intelligence.
1. Behavioural Analytics: A Powerful Tool for Detecting Behavioural Manipulation
Behavioural analytics excels at identifying deviations in user behaviour that may indicate manipulation. By analysing patterns such as keystrokes, navigation, and interaction timing, it can uncover anomalies that suggest fraudulent activity. This is particularly effective in social engineering scenarios, where victims are manipulated into performing unauthorised actions.
2. Mobile Malware Detection: Beyond Behavioural Analytics
Unlike scams, mobile malware can be detected using additional methods such as device risk engines and Indicators of Compromise (IoCs) or Tactics, Techniques, and Procedures (TTPs) collected through threat intelligence. These methods offer a more comprehensive approach by identifying technical markers and known malicious behaviours.
3. Accuracy and Reliability of Device Risk Engines
Device risk engines are generally not prone to false positives in the way behavioural analytics might be. They rely on definitive technical indicators such as misuse of accessibility permissions, screen overlays, and sideloaded malicious code—offering high-confidence alerts.
4. Cost-Effectiveness of Device Risk Engines
Device risk engines are also more cost-effective in terms of cloud computing resources. By leveraging edge AI and local processing, they reduce the need for heavy cloud-based computation, lowering operational costs.
5. The Complementary Role of Behavioural Analytics
In certain cases, behavioural analytics can complement device risk engines. For example, it can help reaffirm that manipulation is taking place—even when the malware is previously unknown—by detecting suspicious deviations in behaviour. This combination boosts overall detection capability.
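An added example (not ThreatFabric's code and not part of the original post) of combining the device indicators from section 3 with the behavioural deviation from section 5. The signal schema, trusted-installer list, z-score threshold, verdict labels and sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from statistics import mean, pstdev

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

@dataclass
class DeviceSignals:  # hypothetical schema, not a real SDK's
    installers: dict                                 # package -> installer ("" = sideloaded)
    accessibility: set = field(default_factory=set)  # packages with an enabled accessibility service
    overlay: set = field(default_factory=set)        # packages allowed to draw over other apps

def device_findings(sig):
    """High-confidence indicators: sideloaded apps that hold risky capabilities."""
    findings = []
    for pkg, installer in sorted(sig.installers.items()):
        if installer in TRUSTED_INSTALLERS:
            continue
        caps = [name for name, holders in (("accessibility", sig.accessibility),
                                           ("overlay", sig.overlay)) if pkg in holders]
        if caps:  # a sideloaded app with no risky capability is not flagged here
            findings.append((pkg, caps))
    return findings

def behaviour_zscore(baseline_ms, session_ms):
    """Deviation of this session's mean inter-key interval from the user's own baseline."""
    if not baseline_ms or not session_ms or pstdev(baseline_ms) == 0:
        return 0.0  # not enough data to score: treat as no deviation
    return abs(mean(session_ms) - mean(baseline_ms)) / pstdev(baseline_ms)

def assess(sig, baseline_ms, session_ms, z_threshold=3.0):
    """Device indicators decide the malware verdict; behaviour reaffirms or stands alone."""
    findings = device_findings(sig)
    deviates = behaviour_zscore(baseline_ms, session_ms) >= z_threshold
    if findings and deviates:
        return "malware, manipulation reaffirmed", findings
    if findings:
        return "malware indicators", findings
    if deviates:
        return "behavioural anomaly only", findings
    return "no signal", findings

# Constructed sample data (not real telemetry or real package names).
BASELINE = [180, 200, 190, 210, 195, 205]  # user's historic per-session mean intervals, ms
INFECTED = DeviceSignals(
    installers={"com.example.bank": "com.android.vending", "com.example.flashlight": ""},
    accessibility={"com.example.flashlight"}, overlay={"com.example.flashlight"})
CLEAN = DeviceSignals(installers={"com.example.bank": "com.android.vending"})
```

The "behavioural anomaly only" branch is the case where no technical marker is present, so the deviation alone cannot distinguish unknown malware from a scam or an unusual but legitimate session.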
6. Conclusion: The Best of Both Worlds
Behavioural analytics is highly effective in detecting scams and social engineering due to its sensitivity to behavioural changes. However, when it comes to mobile malware, device risk engines, enhanced by threat intelligence, provide a more accurate and efficient solution. While behavioural analytics should remain part of the fraud detection toolkit, it is often not the most suitable method for identifying malware.
| Use Case | Behavioural Analytics | Device Risk Engine |
|---|---|---|
| Social Engineering | High | Moderate |
| Mobile Malware | Moderate | High |
ThreatFabric Fraud Risk Suite (FRS)
ThreatFabric’s Fraud Risk Suite (FRS) offers a holistic solution by combining behavioural analytics with device risk engines. FRS leverages multiple AI models to detect behavioural anomalies and integrates device intelligence to identify technical signs of malware. This dual approach ensures high accuracy in detecting both social engineering scams and mobile malware.