New ‘Snowblind’ Banking Malware Targets Android Users With Linux Kernel Exploit

[ad_1]

A new strain of banking malware dubbed “Snowblind” that affects Android mobile devices has been targeting users to swipe their banking credentials this year, cybersecurity firm Promon has found.Snowblind exploits the Linux kernel feature “seccomp” to bypass built-in security triggers. It then co-opts accessibility features to view victims’ screens remotely and can steal banking login information or even interrupt banking app sessions to make illegal or unwanted transactions. It can also disable two-factor authentication (2FA) or biometric verification methods, which exposes victims to further risks of fraud or identity theft. Snowblind tries to be difficult to detect instead of making its presence obvious, so victims may not know it’s operating on their devices.Victims typically become infected with Snowblind by unknowingly installing a malicious app onto their phone that poses as a legitimate app, Vidar Krey, VP of engineering at Promon, tells PCMag via email. “We believe these types of apps have likely spread outside of the official app stores. This has almost certainly been achieved via social engineering attacks, a still very prevalent and widely reported method of duping less tech-savvy users,” Krey said.Promon and identity management firm i-Sprint note that Snowblind has primarily been used to target Android mobile phones in Asia thus far, but could work on any and all contemporary Android devices. A Promon spokesperson tells PCMag that the cybersecurity firm hasn’t determined the exact number of infected devices, but says Snowblind attacks have been “widespread” in Southeast Asia. Promon has since updated its Shield software to prevent Snowblind attacks with its 6.5.2 update.”Southeast Asia is witnessing a sharp rise in cyberattacks as malicious actors try to exploit its financial sectors with increasingly sophisticated cyberthreats,” Promon VP of Product Management Henning Treichl said in a statement.

Recommended by Our Editors

“As concerning as Snowblind is, what stands out even more from our analysis is the underlying seccomp-based technique it employs,” said Benjamin Adolphi, head of security research at Promon. “By leveraging seccomp in this novel way, Snowblind not only circumvents existing security measures but also opens up possibilities for a broader range of attacks.”Banking malware can be lucrative for cybercriminals and often involves remote access techniques to steal banking login information or hijack existing sessions. Different types of Android banking malware have been around for over a decade, but it’s possible to figure out if your phone has malware and install an antivirus app for your Android device to stay protected in case a malicious app makes its way onto your phone.

Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

[ad_2]

We will be happy to hear your thoughts

Leave a reply

Megaclicknshop
Logo
Compare items
  • Total (0)
Compare
0
Shopping cart