The proliferation of bots in the mobile environment involves everything from the use of deepfakes that deceive facial recognition to the use of fake accounts boosted on social networks, all mimicking human behavior. In the latest survey on the presence of these robots, conducted in 2023 by Thales Research, they already accounted for 49.6% of all online traffic, with 32% of them being malicious. This number is expected to increase as access to tools for creating and disseminating bots has become easier and cheaper, allowing anyone with basic technical knowledge to operate these technologies, though companies are already beginning to mobilize to combat them.
This increase in the number of bots occurs because cybercriminals have started using AI to automate attacks and manipulate vulnerabilities that are still present in the architecture of many applications. The lack of specific protection for mobile environments has opened the door for a new generation of these virtual robots that perfectly mimic human behavior and go unnoticed by the most common detection systems.
According to Appdome, a leader in mobile business protection, the advancement of AI-powered bots is due to defenses that do not keep up with the complexity of new attack vectors. ‘Modern bots not only perfectly mimic humans but also combine various techniques to exploit flaws in the apps themselves,’ says Chris Roeckl, Appdome’s product director. He warns that to protect APIs and users, it is necessary to adopt natively AI-based solutions that operate in real-time and are compatible with existing application firewalls. ‘Without this, the system remains exposed and bots continue to evolve,’ he explains.
These bots test millions of stolen login credentials to hack banking, shopping, and social media apps, taking control of personal accounts in seconds. Social engineering comes into play when, after these breaches, criminals send fake messages simulating security alerts or urgent requests, tricking users into providing authentication codes or confirming financial transactions.
A report from Imperva estimated that automated attacks by bots and vulnerable APIs resulted in losses of up to $186 billion annually for companies worldwide. In the retail sector, for companies, the direct loss of revenue can be significant, but the damages go beyond that. Bots can inflate fake visits and clicks in advertising campaigns, distort performance data, simulate purchases to block inventory, and, most importantly, undermine consumer trust.
During the pre-sale of Taylor Swift’s ‘Eras’ tour, Ticketmaster faced issues due to bots that overloaded the system, preventing many fans from purchasing tickets. The brand’s image can be seriously affected when users begin associating it with scams or unsafe practices, even if the attack came from outside.
The responsibility must fall on brands and developers
In the face of this growing threat landscape, solutions like Appdome’s MobileBOT™ Defense emerge as an effective alternative by combining native artificial intelligence with the analysis of over 400 dynamic risk vectors, including voice cloning, account creation, login, password reset, and payments.
‘Until now, mobile bot defense has basically focused on preventing brute-force attacks and checking two or three threat signals on the device, but this is no longer enough. Mobile brands need to detect not only attacks but also threats on the device, the operating system, the app, the interface, and the network before allowing any connection to their APIs,’ explains Roeckel.
By drastically reducing bot traffic, Appdome helps mobile companies save significantly on infrastructure and data costs. Its native AI system is a long-term investment, as it quickly adapts and evolves in the face of mutations of new types of attacks. ‘In short, the greatest risk bots pose to digital retail today is not just data leakage, it’s the scale of their actions, which directly affects transactions, revenue, and customer experience. Protecting operations against this type of fraud is as essential as protecting infrastructure, since each fraudulent transaction represents a real loss for the business. Ensuring security against scams and fraud is not just a responsibility for mobile companies today, it’s a brand duty and a user right,’ concludes Roeckel.
