San Diego Business Journal

FatSkunk Inc. wants to outfox a type of software that is growing more common and dangerous.

The business has Silicon Valley roots, talent from the local wireless industry, and space at a downtown San Diego incubator.

FatSkunk’s software goes after malicious code meant to infect mobile devices.

The business attracted $250,000 in seed funding from Qualcomm Inc. and FatSkunk will announce another major corporate investor soon.

CEO Mark Grandcolas says that its Series A investment round, valued at roughly $1.85 million, will close any day now.

That funding will help FatSkunk hire engineers to turn out a product to meet customer demand, said Chief Technology Officer Markus Jakobsson. The executive said FatSkunk has customers, though he declined to say who they are.

FatSkunk’s technology is simple to describe but tricky to implement, Grandcolas said.

Identifying ‘Suspects’

Like anti-virus software, FatSkunk can flush malicious code out of hiding. But comparisons end there. FatSkunk is different from the common anti-virus software.

Common anti-virus software plays a comparison game, trying to match unfamiliar software with known strings of malicious code.

FatSkunk software, which resides on a smartphone or tablet, performs a test that takes a precise amount of time and generates a certain value. Grandcolas said it takes less than 10 milliseconds.

The FatSkunk software takes control of the phone from the operating system, and tells the operating system and apps to get out of main memory. The good apps will obey. The bad apps might not obey, and that will be their undoing.

If an app stays in memory, it will take up space, and the calculation will take a different amount of time. The FatSkunk software will see that and report it to an external server. At that, the server will know the phone is infected.

What happens next? That depends on the policy that the buyer sets.

If the client is a bank, it might stop the transaction that is in progress. But if the transaction is minimal — $25 for example — the financial institution might decide that it can take the risk and let it go through, Grandcolas said.

Licensing the Technology

FatSkunk plans to license its technology to chipset and handset builders. Its business model will be to give away the chipset software but sell connections to the back-end server, said Grandcolas.

Potential customers include government entities, enterprises running email systems and banks offering mobile services.

By now FatSkunk has three patents on its technology.

The conventional anti-virus approach, which always runs in the background of a computer, “works OK on desktops,” FatSkunk’s CEO said.

But the mobile device is a different environment.

Constantly downloading a list of known software threats to a wireless device could easily exhaust a smartphone or tablet’s limited battery life, the two executives said. And it would hog airtime.

So, they assert, the FatSkunk approach of detecting extraneous software in memory is better suited for wireless devices.

There’s another bonus. The FatSkunk approach excels at spotting “zero-day” threats, or malware that is so new that it isn’t on anybody’s blacklist yet.

“We’re able to detect 100 percent of zero-day threats,” said Grandcolas.

FatSkunk has space in the EvoNexus business incubator downtown on Broadway, and anticipates staying there until the latter half of 2014. It has two local employees and expects to hire two more soon, Grandcolas said.

San Diego’s pace is slower than Silicon Valley’s — which is nice, Grandcolas said. He added that the local high-tech community is “very competent” and that FatSkunk can find the talent it needs here.

As for the company’s unusual name: There’s no deep meaning, Grandcolas said. The people behind FatSkunk were simply looking for an inexpensive Internet domain name.

FatSkunk may be a business whose time has come. The amount of malware infecting mobile devices — particularly Android devices — is growing “exponentially,” Grandcolas said. And with folks expected to increase their use of their mobile phones for financial transactions, the stakes are getting higher.

Mobile malware “will be a great burden on society unless it’s dealt with in a proper way,” Jakobsson said.