
Snowblind malware uses an Android security feature to bypass security

Snowblind is a new Android malware that uses a built-in Android security feature to bypass anti-tamper mechanisms and steal banking credentials.

Snowblind uses a Linux kernel feature called 'seccomp'. (Image Source: Pixabay)

A new banking malware called ‘Snowblind’ is targeting Android users to steal banking credentials. This malware exploits a built-in security feature to bypass anti-tamper protection in apps handling sensitive information.

According to security firm Promon, Snowblind works by repackaging an app so that it can no longer detect the use of accessibility features, which can then be used to extract sensitive information like login credentials and get remote access to the app.

However, unlike most Android malware, Snowblind exploits a feature called ‘seccomp’, which stands for ‘secure computing’. It is part of the underlying Linux kernel and the Android operating system and is used to check applications for signs of tampering.

The security firm discovered that Snowblind injects a piece of code that loads before seccomp initialises the anti-tampering measures. This enables the malware to bypass security mechanisms and utilize accessibility services to remotely view the victim’s screen.

Snowblind can also disable biometric and two-factor authentication, two security features commonly used by banking apps to thwart unauthorised access. Like typical Android malware, Snowblind infects users who install apps from untrusted sources.

While the security firm was unable to identify how many devices are affected by the new malware, it says that Snowblind is mostly active in Southeast Asia.


When other publications asked Google about Snowblind, the tech giant said that there are currently no apps on the Play Store laced with the malware. This means you are probably safe if you stick to apps available on the Play Store.
