A new Android banking virus called 'Snowblind' aims to steal credentials and sensitive banking data by exploiting built-in security mechanisms.
Snowblind operates by repackaging genuine apps so that they can no longer detect the abuse of accessibility features, which harvest sensitive information such as login passwords and allow remote access.
The malware disables a vital security feature known as 'seccomp' (secure computing), which is built into the Linux kernel and Android OS and checks apps for tampering.
Snowblind injects code that loads before seccomp's anti-tampering protections are activated, allowing the virus to circumvent security mechanisms and remotely access the victim's screen.
Promon, a security firm, researched Snowblind after getting a sample from i-Sprint, revealing how the virus achieved its goals unnoticed by attacking seccomp and accessibility services.
Snowblind's ability to avoid security measures emphasizes the importance of improving app security and being aware of how malware might exploit accessibility features and system weaknesses.