Mobile malware & threat research

The Corellium Virtual Hardware platform provides security threat and research teams with never-before-possible investigative capabilities on virtual iOS and Android devices. It’s not an emulator or simulator; it’s Arm on Arm virtualization.

ioc-gathering

IOC gathering and threat hunting

Augment static mobile malware and threat research with advanced dynamic analysis. Actively engage with smishing and phishing scams, or change the virtual device’s physical location (GPS) to examine location-based threats.

sandboxed-mobile-1-1

Sandboxed mobile malware detonation

Safely detonate mobile malware on sandboxed Corellium virtual devices, and use built-in snapshot and cloning tools to quickly and safely replicate environments or reset to initial testing states.

Solution highlights

Malware detonation

Built-in network monitoring tools let you analyze encrypted C2 and app traffic instantly. CoreTrace gives you access to app syscall tracing during execution.

Threat hunting

Direct root file system access for iOS and Android devices to gather IoC evidence during and after detonation.

Sandboxing

Sandbox with network-isolated virtual hardware for safer mobile threat analysis and malware detonation.

Virtualization not emulation

Arm-native, this is real mobile threats and malware running on virtual devices with the ability to quickly restore device snapshots.

Spin up needed devices

Easily spin up near limitless iOS and Android devices, from past models and releases to the very latest.

Instant root & jailbreak

Root any device configuration — including the latest versions of iOS — without needing to apply public jailbreaks.

Procurement

Eliminate physical device procurement and risks by allocating virtual hardware resources to specific teams, with user and project workspace management tools.

Collaboration

Quickly create and deploy virtual devices across users with integrated project folders and team assignments.

Control

Simplify onboarding, role-based access (RBAC), and offboarding through centralized administration.

Technical capabilities

Threat and malware research

Easily spin up near limitless combinations of iOS and Android device, OS, and mobile apps
Gain device root access, no need to apply additional code or tools
Conduct research on mobile threats using any iOS version; jailbroken, rooted, or not
Detonate and monitor mobile malware apps (IPAs and APKs) on sandboxed virtual devices
Easily intercept C2/malware traffic and strip all SSL/TLS
Simulate SMS (on iOS) to investigate smishing and phishing attacks
Browse the device’s file system to conduct threat hunting and gather IoCs
Gain instant access to mobile malware app syscall tracing for dynamic analysis
Control device sensors, GPS location, and device IDs

Conduct more research, faster

Single web-based platform for both iOS and Android
Snapshot and restore virtual devices nearly instantly
Stop hunting the “used” market for specific devices
No need to ship physical devices to global team members
Eliminate time wasted with physical device maintenance

Training & education

Mobile threat research training
Mobile malware research training
Mobile app demonstration platform
Teach mobile threat and defensive best practices

Deployment flexibility

1280px-Amazon_Web_Services_Logo 1

Corellium Cloud

Corellium is hosted on AWS using Amazon Graviton ARM servers.

Corellium Appliances

Corellium appliances for on-site/air-gapped R&D use the latest Ampere Altra Arm servers.