Appdome is the First to Detect Agentic AI Malware on Mobile Devices

Appdome, the leader in protecting mobile businesses, today announced the availability of new dynamic defence plugins to detect and defend against Agentic AI Malware and unauthorized AI Assistants controlling Android & iOS devices and applications. The new Detect Agentic AI Malware plugins allow mobile brands and enterprises to know when Agentic AI applications interact with their mobile applications and use the data to prevent sensitive data leaks and block unvetted on-device AI Agents from accessing transaction, account, or enterprise data and services.

Agentic AI Assistants—such as Apple Siri, Google Gemini, Microsoft Copilot, OpenAI ChatGPT, and others—are increasingly available to mobile users in consumer and enterprise environments. However, the same capabilities that make AI Assistants useful to consumers and employees can also be used by Agentic AI Malware and Trojans. Good and bad AI Assistants can gain broad runtime access to screen content, UI overlays, activity streams, user interactions, and contextual data. Malicious AI Assistants can exploit this access to perform data harvesting, session hijacking, and account takeovers—often under the guise of legitimate AI functionality. On Android, this risk is amplified by more permissive APIs. On iOS, threats extend to mirroring-based leaks (e.g., via AirPlay) and enterprise-targeted surveillance.

“Mobile brands and enterprises have quickly acknowledged the risk of Agentic AI Assistants on mobile devices,” said Tom Tovar, co-creator and CEO of Appdome. “Our new Detect Agentic AI Malware plugins give mobile brands and enterprises choice and control over when and how to introduce AI Assistant functionality to their users.”

Agentic AI assistants have wide appeal in internal enterprise and public-facing consumer use cases. However, in consumer use cases—like banking, eWallet, and healthcare applications—some brands might take the view that, for now, the risks outweigh the benefits. Currently, whatever a good AI assistant can do, a bad AI Assistant can do. Both can access, extract or input credentials, intercept transactions, and send messages to other users. In enterprise environments, malicious AI Assistants could perform actions as the employee, accessing proprietary systems, leak sensitive documents, or create entry points for lateral compromise. Wrapped or re-skinned AI apps—especially unofficial or third-party clones of tools like ChatGPT—further increase the attack footprint, often requesting dangerous (overreaching) permissions and quietly transmitting captured data to external servers. Without real-time detection and control, mobile brands remain exposed to surveillance, compliance failures, and data loss at scale.

“The mobile application and device can only know it’s an Agentic AI Assistant,” said Avi Yehuda, Co-Creator and Chief Technology Officer at Appdome. “The mobile environment has no concept of “good” or “bad” actors, only allowed and disallowed access or permissions, that’s the point.”

Security researchers have observed that malicious AI Assistants can extract session data, cryptographic tokens, or decrypted content by analyzing on-screen information in real time. These apps often masquerade as legitimate voice assistants, and once granted access, can silently monitor users’ activity. Furthermore, when coupled with generative AI models, attackers can script automated reconnaissance, tampering, or replay of sensitive operations inside apps.

“If you have sensitive data or regulated use cases on mobile, AI Assistants are no longer a hypothetical risk—they’re an active one,” said Kai Kenan, VP of Cyber Research at Appdome. “Detecting and controlling the use of these tools is a must-have capability for any mobile defense strategy.”

Appdome’s new Detect Agentic AI Malware plugin uses behavioral biometrics to detect the techniques that malicious or unauthorized AI Assistants use to interact with an Android or iOS application in real time. This includes official, third-party, or wrapped AI apps that impersonate trusted tools or gain elevated permissions. Mobile brands and enterprises can use Appdome to monitor AI Assistant use or detect and defend against Agent AI Assistants using multiple evaluation, enforcement and mitigation options. Mobile brands and enterprises can also specify any number of Trusted AI Assistants, to guarantee that users have access to approved and legitimate Agentic AI Assistants.

“A tsunami of Agentic AI—both good and bad—is approaching the mobile ecosystem. The question is no longer if, but when,” said Chris Roeckl, Chief Product Officer at Appdome. “Most concerning are wrapped versions of legitimate apps, which are increasingly used to trick users into signing in, transacting, and engaging with what looks like your brand—until a malicious agent takes over. Our new dynamic defenses stop Agentic AI from weaponizing your app against your users.”

To learn more about Appdome malware protection, including Detect Agentic AI Malware, please visit https://www.appdome.com/mobile-malware-prevention/.