Researchers discovered a new Android malware, “Snowblind”, running active campaigns since early 2024. This malware exhibits advanced capabilities to bypass security systems on the target devices and steal data.
Snowblind Android Malware Bypasses Security To Steal Data
Security firm Promon shared details about a recently spotted in their latest post, warning Android users. As revealed, their researchers discovered Snowblind, an Android malware, running active campaigns since the beginning of this year.
Specifically, the researchers noticed the malware targeting users in Southeast Asia. Describing its technicalities, the researchers stated that the malware targets Android apps based on the Linux kernel feature “seccomp”. This feature lets the Android system to sandbox applications and restrict the system calls they make.
While seccomp otherwise prevents attacks from malicious apps, Snowblind is different in that it exploits seccomp to attack apps. This enables the malware to bypass this major security feature and compromise apps. Next, it also evades anti-tampering checks as it repackages the target apps. For this, it adds an additional native library into the app, which loads prior to the anti-tampering code, thus bypassing the security check.
Ultimately, the malware gains persistence on the target device, targeting apps and manipulating system calls. It may even steal data from the device, including login credentials and financial information, and hijack user sessions.
The researchers have shared the following video demonstrating the Snowblind attack.
Users Must Remain Wary
Given that Snowblind’s attack strategy involving seccomp exploitation is relatively new, the researchers fear that not many antimalware solutions might have deployed adequate protection against the threat. Yet, given that they have deployed the protection mechanism within their own antimalware tool, users may expect to witness the same with the other security providers too.
Besides, users may easily avoid the threat by following security best practices. That includes downloading apps from official and trusted sources only, double-checking the developer information to verify the apps’ genuineness even when downloading from the Google Play Store, and equipping their devices with robust anti-malware solutions to prevent known threats.
Let us know your thoughts in the comments.
