New Snowblind Android malware emerges as a powerful data stealer


Researchers discovered a new Android malware, ‘Snowblind’, which has been running active campaigns since early 2024. This malware has advanced capabilities to bypass security systems on the target devices and steal data.

Snowblind Android malware bypasses security to steal data

Security company Promon shared details about the recently spotted threat in their latest post, warning Android users. As revealed, their researchers discovered Snowblind, an Android malware, which has been running active campaigns since the beginning of this year.

In particular, the researchers noted the malware targeted users in Southeast Asia. Describing its technical details, the researchers say the malware targets Android apps by way of the Linux kernel feature “seccomp.” This feature allows the Android system to sandbox applications and limit the system calls they make.

While seccomp otherwise prevents attacks from malicious apps, Snowblind is different because it exploits seccomp to attack apps. This allows the malware to bypass this important security feature and compromise apps. Then it also bypasses anti-tampering checks while repackaging the target apps. To do this, an additional native library is added to the app, which is loaded before the anti-tampering code, thus bypassing the security check.

Ultimately, the malware gains persistence on the target device, targeting apps and manipulating system calls. It can even steal data from the device, including login credentials and financial information, and hijack user sessions.

The researchers shared the following video demonstrating the Snowblind attack.

Users should remain on their guard

Given that Snowblind’s attack strategy, which uses seccomp, is relatively new, researchers fear that not many anti-malware solutions have provided adequate protection against the threat. But considering that they have implemented the protection mechanism within their own anti-malware tool, users should expect the same to happen with the other security providers as well.


Moreover, users can easily avoid the threat by following security best practices. That includes downloading apps only from official and trusted sources, double-checking developer information to verify the apps’ authenticity even when downloaded from the Google Play Store, and equipping their devices with robust anti-virus and anti-malware solutions to prevent known threats.

Let us know your thoughts in the comments.
