Snowblind malware uses an Android security feature to bypass security

Snowblind Malware

A new Android banking virus called 'Snowblind' aims to steal credentials and sensitive banking data by exploiting built-in security mechanisms.

Repackaging and Anti-Tamper Bypass

Snowblind operates by repackaging genuine apps so that they cannot detect the accessibility services it relies on to harvest sensitive information, such as login passwords, and to allow remote access.

Seccomp Security Feature Bypass

The malware disables a vital security feature known as 'seccomp' (secure computing), which is built into the Linux kernel and Android OS and checks apps for tampering.

Early Code Injection

Snowblind injects code that loads before Seccomp's anti-tampering protections are activated, allowing the virus to circumvent security mechanisms and remotely access the victim's screen.
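As an added example (not code from the article or from Promon), here is a defender-side integrity check in C that an app's native code could run at startup: it parses /proc/self/status for the Seccomp and Seccomp_filters fields and flags a seccomp filter the app did not install itself. The field names are the Linux procfs ones (Seccomp_filters is only reported by newer kernels); the sample status text is constructed. Because Snowblind's code loads before the app's own protections, a hooked process could fake this read, so treat the result as one signal among several rather than proof of a clean process.

```c
/* Added example, not from the article or Promon: a defender-side check
 * that inspects the current process's seccomp state via /proc/self/status.
 * An app that never installs a seccomp filter of its own treats mode 2
 * (filter mode) as a sign that something injected code before its checks ran.
 * Assumptions: Linux procfs field names "Seccomp:" and "Seccomp_filters:";
 * the sample status text below is constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result of inspecting a process's seccomp state. */
typedef struct {
    int mode;     /* 0 = disabled, 1 = strict, 2 = filter, -1 = field missing */
    int filters;  /* number of attached filters, or -1 if the kernel does not report it */
} seccomp_state;

/* Parse the text of a /proc/<pid>/status file. Missing fields are reported as -1. */
seccomp_state parse_seccomp_status(const char *status_text)
{
    seccomp_state st = { -1, -1 };
    const char *line = status_text;
    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        /* "Seccomp:" (8 chars) cannot match "Seccomp_filters:", since the
         * eighth character differs (':' vs '_'). atoi() skips the leading tab. */
        if (len > 8 && strncmp(line, "Seccomp:", 8) == 0) {
            st.mode = atoi(line + 8);
        } else if (len > 16 && strncmp(line, "Seccomp_filters:", 16) == 0) {
            st.filters = atoi(line + 16);
        }
        line = eol ? eol + 1 : NULL;
    }
    return st;
}

/* Policy: expected_filters is how many filters the app installed itself
 * (0 for most apps). Returns 1 if an extra filter is present, else 0. */
int unexpected_seccomp_filter(const seccomp_state *st, int expected_filters)
{
    if (st->mode != 2)
        return 0;
    /* Kernels that report the count let us tell our own filter from one stacked on top. */
    if (st->filters >= 0)
        return st->filters > expected_filters;
    /* Older kernels only report the mode: filter mode with no filter of our own is suspicious. */
    return expected_filters == 0;
}

/* Read the live /proc/self/status; fields stay -1 if procfs is unavailable. */
seccomp_state read_own_seccomp_state(void)
{
    seccomp_state st = { -1, -1 };
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return st;
    char buf[8192];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_seccomp_status(buf);
}

/* Constructed sample: what a process reports after a single seccomp filter
 * has been installed in it. */
static const char SAMPLE_STATUS[] =
    "Name:\tbankapp\n"
    "State:\tS (sleeping)\n"
    "Seccomp:\t2\n"
    "Seccomp_filters:\t1\n"
    "Cpus_allowed:\tff\n";

int main(void)
{
    seccomp_state st = parse_seccomp_status(SAMPLE_STATUS);
    printf("sample: mode=%d filters=%d unexpected=%d\n",
           st.mode, st.filters, unexpected_seccomp_filter(&st, 0));
    seccomp_state live = read_own_seccomp_state();
    printf("this process: mode=%d filters=%d\n", live.mode, live.filters);
    return 0;
}
```

In an Android app the call to read_own_seccomp_state would sit in the native anti-tamper library alongside signature and debugger checks, and a positive result would be reported to the backend rather than acted on locally, since code that loaded first can also suppress a local reaction.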

Investigation by Promon

Promon, a security firm, researched Snowblind after receiving a sample from i-Sprint, revealing how the virus achieved its goals unnoticed by attacking seccomp and accessibility services.

Implications and Security Measures

Snowblind's ability to avoid security measures emphasizes the importance of improving app security and being aware of how malware might exploit accessibility features and system weaknesses.
