Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » This new malware on Android can bypass security to steal data, ET CISO

This new malware on Android can bypass security to steal data, ET CISO

This new malware on Android can bypass security to steal data, ET CISO

A new Android malware called Snowblind has emerged and it’s using a clever trick to bypass security. Named Snowblind, this malware exploits a feature meant to protect users – a security check called “seccomp” – to hide its tampering with legitimate apps.

Snowblind “repackages” these apps, making them blind to the fact that Snowblind is now piggybacking on them. This allows the malware to misuse accessibility services, which are meant to assist users, but in this case, are hijacked to steal login information or even remotely control the device for malicious purposes.

How this malware can be dangerous

According to a report by BleepingComputer, researchers at mobile security company Promon have discovered this malware strain called Snowblind targeting Android devices. This malware leverages tactics to bypass existing security measures.Snowblind specifically targets apps that handle sensitive user information. The malware exploits a security feature called “seccomp” that’s designed to protect users. Seccomp restricts the actions apps can take, preventing malicious activities.


The malware injects malicious code into the targeted app before its security checks can run. This allows Snowblind to install a filter within seccomp, essentially manipulating the system calls the app can make.

When the app tries to verify if it’s been tampered with (a security check), Snowblind’s filter intercepts this action and blocks it. This prevents the app from detecting Snowblind’s presence.

Snowblind further manipulates the system by altering the app’s attempts to access files. It redirects these attempts to an uninfected version of the app, effectively hiding its tampering from the security check.

What this means for users

Snowblind’s use of a security feature makes it a particularly dangerous threat. The targeted nature of its attack also minimises its impact on device performance, further reducing the chances of users noticing anything unusual. This underlines the importance of staying vigilant and relying on reputable security solutions to protect your mobile devices.

  • Published On Jul 1, 2024 at 10:24 AM IST

Join the community of 2M+ industry professionals

Subscribe to our newsletter to get latest insights & analysis.

Download ETCISO App

  • Get Realtime updates
  • Save your favourite articles


Scan to download App

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

Juniper Firewall
Cisco Firewall
Checkpoint Firewall
paloalto Firewall
Fortinet Firewall
Forcepoint Firewall

 

Sophos Firewall
WatchGuard Firewall
Barracuda Firewall
Sonicwall Firewall
GajShield Firewall
Seqrite Firewall

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket

Firewall Firm is a Managed Firewall Security Solution Provider Company in India | Digital Marketing by SEO Company India | Powered by IT Monteur