The proliferation of bots in the mobile environment involves everything from the use of deepfakes, which deceive facial recognition, to the use of fake accounts promoted on social networks, all of this imitating human behavior. According to a recent survey on the presence of these robots, conducted in 2023 by Thales Research, they already accounted for 49.6% of all online traffic, with 32% of them being malicious. This number is expected to increase as access to tools for creating and disseminating bots has become easier and cheaper, allowing anyone with basic technical knowledge to operate these technologies, but companies are already beginning to mobilize to combat them.
This increase in the number of bots is happening because cybercriminals have started using AI to automate attacks and manipulate vulnerabilities that are still present in the architecture of many applications. The lack of specific protection for mobile environments has opened the door to a new generation of these virtual robots that mimic human behavior perfectly and go unnoticed by most common detection systems.
According to Appdome, a leader in mobile business protection, the advancement of AI bots is due to defenses that do not keep up with the complexity of new attack vectors. “Modern bots not only perfectly mimic humans but also combine multiple techniques to exploit vulnerabilities in the apps themselves,” says Chris Roeckl, product director at Appdome. He warns that to protect APIs and users, it is necessary to adopt AI-native solutions that operate in real-time and are compatible with existing application firewalls. “Without this, the system remains exposed, and the bots continue to evolve,” he explains.
These bots test millions of stolen login credentials to break into banking, shopping, and social media apps, taking control of personal accounts in seconds. Social engineering comes into play when, after these breaches, criminals send fake messages simulating security alerts or urgent requests, inducing users to provide authentication codes or confirm financial transactions.
A report from Imperva estimated that automated bot attacks and vulnerable APIs have resulted in annual losses of up to $186 billion for companies worldwide. In the retail sector, direct revenue loss for companies can be significant, but the losses go beyond that. Bots can inflate false accesses and clicks in advertising campaigns, distort performance data, simulate purchases to block inventory, and, most importantly, undermine consumer confidence.
During the pre-sale of Taylor Swift’s “Eras” tour, Ticketmaster faced issues due to bots that overloaded the system, preventing many fans from purchasing tickets. The brand image can be seriously affected when users start associating it with scams or insecure practices, even if the attack came from outside.
The responsibility should lie with the brands and developers
Amid this growing threat landscape, solutions like Appdome’s MobileBOT™ Defense emerge as an effective alternative by combining native artificial intelligence with the analysis of over 400 dynamic risk vectors, including voice cloning, account creation, login, password reset, and payments.
“So far, mobile bot defense has mainly focused on preventing brute force attacks and checking for two or three threat signals on the device, but that is no longer sufficient. Mobile brands need to detect not only attacks but also threats on the device, operating system, app, interface, and network before allowing any connection to their APIs,” explains Roeckl.
By drastically reducing bot traffic, Appdome helps mobile companies save significantly on infrastructure and data costs. Its AI-driven native system is a long-term investment as it adapts and evolves quickly in the face of new types of attacks. “In short, the biggest risk that bots pose to digital retail today is not just data leakage, it’s the scale of their actions, which directly impacts transactions, revenue, and the customer experience. Protecting operations against this type of fraud is as essential as safeguarding infrastructure because each fraudulent transaction represents a real loss for the business. Ensuring security against scams and fraud is not only a responsibility of mobile companies today, it’s a brand duty and a user right,” concludes Roeckl.