New ‘Snowblind’ Banking Malware Targets Android Users With Linux Kernel Exploit



A new strain of banking malware, dubbed “Snowblind,” that affects Android mobile devices is targeting users to swipe their banking credentials, cybersecurity firm Promon has found.

Snowblind exploits the Linux kernel feature “seccomp” to bypass built-in security triggers. It then co-opts accessibility features to view victims’ screens remotely and can steal banking login information or even interrupt banking app sessions to make illegal or unwanted transactions. It can also disable two-factor authentication (2FA) or biometric verification methods, which exposes victims to further risks of fraud or identity theft. Snowblind tries to operate undetected, so victims may not know it’s on their devices.

Victims typically become infected with Snowblind by unknowingly installing a malicious app onto their phone that poses as a legitimate app, Vidar Krey, VP of engineering at Promon, tells PCMag.

“We believe these types of apps have likely spread outside of the official app stores. This has almost certainly been achieved via social engineering attacks, a still very prevalent and widely reported method of duping less tech-savvy users,” Krey says.

Promon and identity management firm i-Sprint note that Snowblind has primarily targeted Android mobile phones in Asia thus far but could work on any contemporary Android device. A Promon spokesperson tells PCMag that the cybersecurity firm hasn’t determined the exact number of infected devices but says Snowblind attacks have been “widespread” in Southeast Asia. Promon has since updated its Shield software to version 6.5.2 to prevent Snowblind attacks.

“Southeast Asia is witnessing a sharp rise in cyberattacks as malicious actors try to exploit its financial sectors with increasingly sophisticated cyber threats,” Promon VP of Product Management Henning Treichl said in a statement.


“As concerning as Snowblind is, what stands out even more from our analysis is the underlying seccomp-based technique it employs,” says Benjamin Adolphi, head of security research at Promon. “By leveraging seccomp in this novel way, Snowblind not only circumvents existing security measures but also opens up possibilities for a broader range of attacks.”

Banking malware can be lucrative for cybercriminals and often involves remote access techniques to steal banking login information or hijack existing sessions. Different types of Android banking malware have been around for over a decade, but it’s possible to figure out if your phone has malware and to install an antivirus app for your Android device to stay protected in case a malicious app makes its way onto your phone.
