Strengthen Threat Intelligence with Virtualized Malware Analysis
Safely detonate and reverse-engineer mobile threats in a high-fidelity, virtualized environment.
Using Physical Devices Stalls Critical Threat Research
Federal agencies are inundated with cyber threats as adversaries seek to breach systems, compromising national interests and citizen privacy. Security teams are at the forefront of this battle, deploying experienced threat hunters to dissect mobile malware, zero-day exploits and targeted phishing campaigns. However, to safely analyze a sample and extract Indicators of Compromise (IoCs), they need deep, system-level visibility in a completely isolated environment.
Physical hardware is a poor fit for this work. Sourcing and rooting specific mobile devices, particularly second-hand devices, is slow. And this isn't a one-time activity: threat hunters need to repeatedly snapshot, wipe and restore devices, using up valuable time. When physical devices are bricked or corrupted, investigation timelines are extended and resources are diverted to hardware recovery instead of analysis, leaving agencies fighting a losing battle with bad actors.
Accelerate Threat Research with Virtualization
Corellium, a Cellebrite company, virtualizes iOS and Android environments to support controlled malware detonation, artifact collection and repeatable device-state analysis. Researchers can replicate compromised states, validate persistence mechanisms and preserve forensic integrity without repeated reliance on physical hardware:
- Safely detonate mobile malware and engage with phishing scams in a network-isolated sandbox, without relying on limited emulators or simulators.
- Accelerate IoC gathering and threat hunting with real-time visibility into decrypted SSL/TLS network traffic, file system access and app syscall tracing via CoreTrace.
- Reverse-engineer threats faster with instant root access and USBFlux technology, enabling seamless integration with industry-standard tools such as IDA Pro, Frida and Burp Suite.
- Reproduce and validate attacks by spinning up limitless combinations of iOS and Android devices, using nearly instant snapshots to restore clean environments.
- Deploy in high-security environments with flexible options, including air-gapped on-premises appliances or secure private cloud installations.
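The repeatable workflow the list above describes (take a clean snapshot, detonate, compare, restore) produces file-based IoCs by diffing the device file system before and after detonation. The script below is an added illustration of that comparison step, not Corellium code and not tied to any product API: the two manifests are constructed in memory (on a real device they would be built by walking the mounted file system), and the persistence directories used for tagging are an assumed, non-exhaustive list.

```python
"""Diff a baseline and a post-detonation file-system manifest to surface IoCs.

A manifest maps path -> (sha256 hex digest, POSIX mode). Both manifests here
are constructed sample data; nothing is read from a real device.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumed autostart / persistence directories (constructed, not exhaustive).
PERSISTENCE_PREFIXES = (
    "/Library/LaunchDaemons/",   # iOS/macOS launchd daemons
    "/system/etc/init/",         # Android init .rc fragments
)

Manifest = Dict[str, Tuple[str, int]]


def build_manifest(files: Dict[str, Tuple[bytes, int]]) -> Manifest:
    """Hash each file's content; input is {path: (content_bytes, mode)}."""
    return {p: (hashlib.sha256(c).hexdigest(), m) for p, (c, m) in files.items()}


@dataclass
class Finding:
    path: str
    change: str                  # "added" | "modified" | "removed"
    sha256: Optional[str]        # None for removed files
    tags: List[str] = field(default_factory=list)


def classify(path: str, mode: int) -> List[str]:
    """Tag a path as a persistence artifact and/or an executable."""
    tags = []
    if any(path.startswith(p) for p in PERSISTENCE_PREFIXES):
        tags.append("persistence")
    if mode & 0o111:
        tags.append("executable")
    return tags


def diff_manifests(before: Manifest, after: Manifest) -> List[Finding]:
    """Return every added, modified (hash or mode) or removed path, sorted."""
    findings = []
    for path, (digest, mode) in after.items():
        if path not in before:
            findings.append(Finding(path, "added", digest, classify(path, mode)))
        elif before[path] != (digest, mode):
            findings.append(Finding(path, "modified", digest, classify(path, mode)))
    for path, (digest, mode) in before.items():
        if path not in after:
            findings.append(Finding(path, "removed", None, classify(path, mode)))
    return sorted(findings, key=lambda f: f.path)


def file_iocs(findings: List[Finding]) -> List[str]:
    """Hashes of files the sample created or changed: the shareable IoCs."""
    return sorted({f.sha256 for f in findings if f.sha256 is not None})


# Constructed snapshot contents: the same device before and after detonation.
BASELINE = build_manifest({
    "/usr/bin/launchctl": (b"launchctl-binary", 0o755),
    "/private/var/mobile/Library/Preferences/com.apple.springboard.plist": (b"<plist/>", 0o644),
    "/private/var/tmp/dropper.bin": (b"stage1", 0o755),     # present before, deleted by the sample
})
AFTER = build_manifest({
    "/usr/bin/launchctl": (b"launchctl-binary", 0o755),     # untouched
    "/private/var/mobile/Library/Preferences/com.apple.springboard.plist": (b"<plist>patched</plist>", 0o644),
    "/Library/LaunchDaemons/com.example.updater.plist": (b"<plist>daemon</plist>", 0o644),  # new persistence entry
    "/private/var/tmp/.x": (b"payload", 0o755),              # new executable payload
})

if __name__ == "__main__":
    for f in diff_manifests(BASELINE, AFTER):
        print(f"{f.change:8} {f.path}  tags={f.tags}")
    print("file IoCs:", file_iocs(diff_manifests(BASELINE, AFTER)))
```

Restoring the snapshot after each run means the same baseline manifest serves every detonation, so differences between two samples' findings reflect the samples, not drift in the device.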