New Delhi: Mobile banking offers incredible convenience and allows users to manage their finances on the go. However, this convenience comes with increasing security risks. A new malware known as ‘Snowblind’ has emerged which specifically targets Android users to steal their banking credentials.


What exactly is Snowblind Android malware?


COMMERCIAL BREAK
SCROLL TO CONTINUE READING

Snowblind is a type of malware designed to attack Android devices with the intent of stealing baking information. This malicious software is capable of capturing your banking login credentials and perform unauthorised transactions without your consent, identified by cybersecurity firm Promon. (Also Read: Vodafone Idea Joins Jio, Airtel In Major Tariff Hike On Postpaid And Prepaid Plans : Check New Prices)


How does it infiltrate your system?


Snowblind typically infiltrates devices when users unknowingly download a seemingly legitimate app that has been repackaged with malicious code. Security firm Promon explains that the malware exploits accessibility features within the app which allows it to extract sensitive information such as login credentials and gain remote access to the affected application. (Also Read: TRAI Modifies Rules For New SIM Replacement Under Mobile Number Portability)


How does Snowblind malware operate?


Snowblind differs from typical Android malware by bypassing the platform's security mechanisms using a feature called "seccomp" in the Linux kernel.  This feature is intended to check for tampering.


Snowblind injects code into the system before seccomp activates. This technique enables it to bypass security checks and utilize accessibility services to monitor your screen and facilitate the theft of login information or disruption of your banking app sessions.


As a result, Snowblind can disable biometric and two-factor authentication (2FA) protections and increase the risk of fraud and identity theft. The malware operates silently in the background, potentially remaining undetected on your device.