CSD by SfyLabs

  • Detect malware
  • Prevent fraud
  • Use your own app

Protect your Android users

Since early 2014 mobile banking malware for Android has been on the rise due to its large market share (>85%) and open ecosystem, in which it is relatively easy to infect devices.

75% of mobile breaches will be traced to mobile apps by 2017— GARTNER

Another important factor that could explain the big shift of banking malware towards the open Android platform is the fact that the largest number of logins & financial transactions nowadays occurs on the mobile device.

85% mobile & 15% desktop login, 60% mobile & 40% desktop transactions— Top bank in The Netherlands (January 2017)

Detecting malware using your own app

CSD is an Android library (AAR) that can be easily integrated into any existing Android app.

A key feature of the library is the detection of overlays that cover a target app and entice a user into supplying sensitive information. Such a detection will trigger an alert which is sent to the CSD server (managed dashboard) where it can be judged by a malware analyst and (automatically) forwarded to any fraud engine of the financial organisation.

Behaviour based detection

By using our behaviour based detection we are able to find new (banking) malware which would not have been found using only signature based detection (blacklisting). This unique approach enables us to build intelligence on new malware families and new techniques before any fraud takes place. Using these techniques CSD is able to detect latest malware threats such as Bankbot, Marcher, Mazar, CryEye and Exobot.

In the news

Android banking malware threat intelligence

Our threat intel team provides around-the-clock monitoring of current and new (banking) malware threats for the Android platform. This enables us to keep our detection methods up-to-date and respond quickly to new threats in this ever-changing landscape.

Our research has been in the news many times by being the first party to discover new android banking malware that contributes to a safer ecosystem (awareness) which benefits everyone.

Empower your threat analysts with the CSD portal. Analyst of financial organization can use our portal to investigate new threats and we provide reverse engineering support on potential malicious malware.

Product features


  • Behaviour detection of overlays
  • Rule based support with Yara
  • APK upload intel gathering
  • Device scoring, such as:
    • Root
    • Hooking
    • Unknown sources
    • Debugging


  • Cloud (AWS) or on-premises VM
  • Investigate new malware hits
  • Role based access (MI, Analyst, Maintenance)
  • Create rules on all aspects of app
  • Full integration in fraud engines (json/xml e.g. RiskShield)

Success story

CSD has been created in collaboration with designers, developers and fraud experts of one of the largest banks in the Netherlands. Our solution therefore fully integrates into the fraud detection environment of a financial organisation. CSD is deployed successfully on more than 2 million Android devices without any issues. This has resulted in the detection of new threats enabling us to provide the rest of the world with threat intelligence such as new Bankbot campaigns in Google’s Play Store.

Reference upon request.


Request a demo or whitepaper

Fill out the form underneath in order to request a CSD demo or whitepaper.

About us

SfyLabs is a daughter company of Securify B.V. with focus on product development, support and around the clock Android banking malware threat intelligence. 

We have more than 15 years of cyber security experience and are preferred supplier of the largest financials in the Netherlands and have expanded our services to Europe, UK and US.


SfyLabs B.V.
Naritaweg 106C
1043CA Amsterdam
C.C. 63539330