Call Us Now

+91 9606900005 / 04

For Enquiry

legacyiasacademy@gmail.com

About Snowblind Malware

Context:

A new banking malware called ‘Snowblind’ is targeting Android users to steal banking credentials.

Relevance:

GS III: Security Challenges

About Snowblind Malware:

  • Nature of Malware:
    • Snowblind is a new type of Android malware designed to exploit a built-in Android security feature to bypass anti-tamper mechanisms and steal banking credentials.
Mechanism:
  • Exploitation of Security Features:
    • It leverages an Android security feature to bypass tamper protection in applications handling sensitive data.
  • Repacking Apps:
    • The malware repacks applications, making it impossible to detect accessibility features used to extract sensitive information like login credentials, and gain remote access to the app.
  • Seccomp Feature:
    • Snowblind exploits a feature called ‘seccomp’ (secure computing), which is part of the underlying Linux kernel and the Android operating system, used to check applications for tampering.
Infection Process:
  • Injection of Code:
    • The malware injects a piece of code that loads before seccomp initializes anti-tampering measures. This allows the malware to bypass security mechanisms and use accessibility services to view the victim’s screen remotely.
  • Disabling Security Features:
    • Snowblind can disable biometric and two-factor authentication, common security features in banking apps to prevent unauthorized access.
  • Source of Infection:
    • Like typical Android malware, Snowblind infects users who download and install apps from untrusted sources.
Geographic Impact:
  • While the exact number of affected devices is unknown, Snowblind is reported to be most active in Southeast Asia.

-Source: Indian Express


December 2024
MTWTFSS
 1
2345678
9101112131415
16171819202122
23242526272829
3031 
Categories

Register For a Free Online Counselling Session Now !

Welcome Pop Up
+91