
How Our Partnership With Gen Digital Enabled Malware Detection v2 Powered by Avast and Norton DBs

Talsec partners with Gen Digital (Avast, Norton) to integrate their global threat intelligence into Malware Detection v2, enabling live, high-confidence malware detection.

The Talsec SDK just received the Malware Detection v2 update, which lets you move from "This app looks suspicious" to "This app is malicious," so app developers can block access on truly infected devices. Our community has long been asking for a way to automate security enforcement without the fear of blocking legitimate customers, and there’s a story behind it.

Beyond our core mobile security RASP territory (root detection, Frida detection, app integrity checks, etc.) we’ve always wanted to master the malware detection field to match our deep understanding of Android risks. Our Malware Detection (v1) engine has been in the field since that early era, using heuristics to flag suspicious properties such as dangerous permissions or untrusted install sources. It has been highly effective at uncovering zero-day threats, but it was essentially 'Chapter One', which we’ve finally been able to complete with v2.

See the v2 product page to learn features and use-cases: https://docs.talsec.app/premium-products/product/malware-detection

The Malware Database Challenge

A few years ago, when we first started working on our Malware Detection extension, we realized we were at a crossroads. We could take the heuristic route (which we did)—identifying zero-day attacks by flagging apps requesting SMS permissions via ADB or holding REQUEST_INSTALL_PACKAGES. This remains vital for catching evolving malware that hasn't been indexed yet.

The alternative was a malware database (DB) approach. We tried to bridge this gap by engaging with the security community and major players, but at the time, access to the world’s leading threat intelligence providers was simply out of reach for a specialized team like ours.

I even found an artifact in my desk drawer the other day: a dusty 2TB HDD with a "Nuclear Danger" sticker, holding a static snapshot of a malware database from that era. The millions of hashes on that drive have almost zero value today, but it’s a reminder of what we wanted to build but couldn’t yet scale:

Note to future self: Don't leave malware hard drives lying around the office. 🙃

Partnership with Gen Digital & The Birth of v2

This year, as the demand for a real-time malware database became undeniable, everything fell into place. Through a mix of luck and persistence, our team connected with a true titan in threat intelligence: Gen Digital, the powerhouse behind Avast, Norton, and Avira. Gen operates a global, cloud-based system that classifies files in real time. Behind it is an online database holding metadata on hundreds of millions of files, plus a set of innovative algorithms that help decide whether a file is potentially dangerous. Their API allows the Talsec SDK to verify app hashes and receive a classification in milliseconds.

The Gen, Norton and Avast logos are the property of Gen Digital Inc. and are used here solely for reference and identification purposes. src: https://www.gendigital.com/us/en/

Suddenly, the state-of-the-art malware intelligence we had been striving for was accessible. With this level of intelligence finally at our fingertips, the team started coding immediately. We rewired the internals of our SDK Malware Detection engine to allow for live, online malware checks. After a total engine overhaul and rigorous testing, we introduced Malware Detection v2. It’s no longer a choice between heuristics and databases—it’s a hybrid framework that addresses both known and unknown threats.

You now have granular control:

  • Offline Mode: Stick to the classic heuristic scanning for privacy or offline-first needs.

  • High-Confidence Online Mode: Check against a live global database to identify known malware with near-zero false positives.

  • High-Security Online Mode: The recommended setup for high-stakes environments like banking or payments. This combines API-verified detection with permission-based zero-day flagging.
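To make the three modes concrete, here is an added illustration of how a hybrid engine can combine offline heuristics (install source, dangerous permissions) with a hash lookup against a threat-intelligence database. This is not Talsec SDK code and does not model the Gen API: ONLINE_DB is a constructed in-memory stand-in, the SAMPLE_APPS records, permission weights, threshold and the "database verdict wins" precedence are all assumptions of this example, while the permission strings themselves are real Android permissions.

```python
"""Hybrid malware classification sketch: heuristics plus a hash-database check.

Added illustration, not Talsec SDK code. ONLINE_DB is a constructed in-memory
stand-in for a live threat-intelligence API, SAMPLE_APPS are made-up records,
and the permission weights, threshold and precedence policy are assumptions;
the permission names themselves are real Android permission strings.
"""
from __future__ import annotations
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Mode(Enum):
    OFFLINE = "offline"                # heuristics only, no network
    ONLINE = "online"                  # database verdict only
    HIGH_SECURITY = "high_security"    # database verdict, then heuristics


class Verdict(Enum):
    CLEAN = "clean"
    SUSPICIOUS = "suspicious"    # heuristic flags only, not confirmed
    MALICIOUS = "malicious"      # hash confirmed by the database


# Heuristic weights (assumed): the page names SMS and install permissions as
# the classic zero-day signals; accessibility and overlay are added here.
DANGEROUS_PERMISSIONS = {
    "android.permission.REQUEST_INSTALL_PACKAGES": 2,
    "android.permission.RECEIVE_SMS": 2,
    "android.permission.READ_SMS": 2,
    "android.permission.BIND_ACCESSIBILITY_SERVICE": 3,
    "android.permission.SYSTEM_ALERT_WINDOW": 1,
}
TRUSTED_INSTALLERS = {"com.android.vending"}   # anything else = sideloaded
SUSPICIOUS_THRESHOLD = 3


@dataclass
class AppRecord:
    package: str
    installer: Optional[str]          # None: installed via ADB / unknown source
    permissions: set[str] = field(default_factory=set)
    apk_sha256: str = ""


def _h(label: bytes) -> str:
    return hashlib.sha256(label).hexdigest()


# Constructed database: apk hash -> classification.
ONLINE_DB = {_h(b"constructed-malicious-apk"): "malicious",
             _h(b"constructed-clean-apk"): "clean"}

# Constructed app records covering the three interesting cases.
SAMPLE_APPS = {
    "dropper": AppRecord("com.example.dropper", None,
                         {"android.permission.REQUEST_INSTALL_PACKAGES",
                          "android.permission.RECEIVE_SMS"},
                         _h(b"constructed-malicious-apk")),
    "unknown": AppRecord("com.example.newsms", None,
                         {"android.permission.READ_SMS"},
                         _h(b"constructed-unknown-apk")),
    "store": AppRecord("com.example.chat", "com.android.vending",
                       {"android.permission.SYSTEM_ALERT_WINDOW"},
                       _h(b"constructed-clean-apk")),
}


def heuristic_score(app: AppRecord) -> tuple[int, list[str]]:
    """Offline signals: untrusted installer and dangerous permissions."""
    score, reasons = 0, []
    if app.installer not in TRUSTED_INSTALLERS:
        score += 2
        reasons.append(f"sideloaded (installer={app.installer})")
    for perm in sorted(app.permissions & set(DANGEROUS_PERMISSIONS)):
        score += DANGEROUS_PERMISSIONS[perm]
        reasons.append("holds " + perm.rsplit(".", 1)[-1])
    return score, reasons


def db_lookup(sha256: str) -> str:
    """Stand-in for the online check; returns malicious / clean / unknown."""
    return ONLINE_DB.get(sha256, "unknown")


def classify(app: AppRecord, mode: Mode) -> tuple[Verdict, list[str]]:
    """Database verdict takes precedence (assumed policy); heuristics only
    ever raise SUSPICIOUS, never MALICIOUS, so they cannot block on their own."""
    if mode is not Mode.OFFLINE:
        db = db_lookup(app.apk_sha256)
        if db == "malicious":
            return Verdict.MALICIOUS, ["hash matched known malware"]
        if db == "clean":
            return Verdict.CLEAN, ["hash known clean"]
        if mode is Mode.ONLINE:
            return Verdict.CLEAN, ["hash unknown; heuristics disabled"]
    score, reasons = heuristic_score(app)
    if score >= SUSPICIOUS_THRESHOLD:
        return Verdict.SUSPICIOUS, reasons
    return Verdict.CLEAN, reasons


def enforcement_action(verdict: Verdict) -> str:
    """Block only on confirmed malware; heuristic hits are surfaced, not blocked."""
    return {Verdict.MALICIOUS: "block",
            Verdict.SUSPICIOUS: "warn",
            Verdict.CLEAN: "allow"}[verdict]


if __name__ == "__main__":
    for name, app in SAMPLE_APPS.items():
        for mode in Mode:
            verdict, why = classify(app, mode)
            print(f"{name:8s} {mode.value:14s} {verdict.value:10s} "
                  f"{enforcement_action(verdict):5s} {'; '.join(why)}")
```

Running the script prints one line per app and mode. The "unknown" record is the interesting one: Online mode alone returns clean because the hash is not indexed (near-zero false positives, but a miss on a fresh sample), Offline mode flags it as suspicious on permissions and install source, and High-Security mode keeps that heuristic flag while still letting a database match take precedence, which is the behaviour the hybrid setup is meant to provide.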

Wrapping up: Defending Against Malware Threats

Finally, the Talsec SDK is well equipped to identify all kinds of high-risk apps:

  • RATs and banking trojans causing session hijacking or credential theft.

  • Accessibility-misuse malware performing unauthorized screen reading or clicks.

  • Keyloggers and SMS forwarders.

  • Video injection tools used for KYC fraud.

  • Common tools like TeamViewer or AnyDesk that are often exploited for remote-assistance fraud.

See the Talsec Malware Detection SDK in action. These demos, which I recorded some time ago, show how the SDK identifies specific threats in real time on Android devices:

Some of you are already running this in your apps. If you are, I’d love to hear your thoughts in the comments. For everyone else: let us know if you want to see a demo.

Typical malware: sideloaded, holds suspicious permissions, and is confirmed as malicious by the online DB

Happy Hacking to all Talsec friends 👍 !

written by Tomas Soukal, Talsec Team
