The advent of mobile banking has brought unparalleled convenience, yet it also introduces a growing security challenge. A newly identified malware named ‘Snowblind’ specifically targets Android users, aiming to pilfer banking credentials.
Snowblind, malware discovered by the cybersecurity firm Promon, specializes in infiltrating Android devices to extract sensitive banking information. It covertly captures banking login details and executes unauthorized transactions.
Typically, users inadvertently download the malware disguised within seemingly legitimate applications. According to Vidar Krey, VP of Engineering at Promon, Snowblind reconfigures apps to evade detection, exploiting accessibility features to surreptitiously collect sensitive data and remotely manipulate apps. “We suspect these applications have likely spread beyond official app stores, often through social engineering tactics—a persistent and widely recognized method of deceiving less tech-savvy users,” Mr. Krey informed PCMag.
Unlike conventional Android threats, Snowblind sidesteps built-in security measures by exploiting a feature in the Linux kernel called “seccomp,” designed to thwart unauthorized alterations. By injecting code before seccomp activates, Snowblind circumvents security checks and employs accessibility services to monitor screens, facilitating the theft of login credentials and interception of banking app sessions. This capability allows Snowblind to disable biometric and two-factor authentication (2FA), heightening the risk of fraud and identity theft. Operating discreetly in the background, the malware can go unnoticed by users.