Snowblind Malware


Source: This post on Snowblind Malware is based on the article “Snowblind malware uses an Android security feature to bypass security” published in “The Indian Express” on 1 July 2024.

Why in the news?

Recently, it was found that a new banking malware called ‘Snowblind’ is targeting Android users to steal banking credentials.

About Snowblind Malware

1. About: Snowblind is a new type of Android banking malware designed to steal banking credentials by bypassing security features.

2. Key Features:

i) Snowblind uses a built-in Android security feature to bypass anti-tamper mechanisms.

ii) The malware repackages apps so that they cannot detect the use of accessibility features, which can then be used to extract sensitive information like login credentials and to gain remote access to the app.

iii) Snowblind exploits a feature called ‘seccomp’, which stands for ‘secure computing’ and is part of the Linux kernel and Android OS.

iv) It injects code that loads before seccomp initializes anti-tampering measures, allowing the malware to bypass security mechanisms and utilize accessibility services.

v) Snowblind can remotely view the victim’s screen by using accessibility services.

vi) It can disable biometric and two-factor authentication, which are commonly used security features in banking apps to prevent unauthorized access.

vii) Snowblind typically infects users who install apps from untrusted sources.

viii) The malware is mostly active in Southeast Asia, although the exact number of affected devices is unknown.

3. Security Implications: Snowblind poses a significant threat to banking app users by circumventing advanced security measures.

4. Users are advised to avoid installing apps from untrusted sources and to remain vigilant about app permissions and behaviors.
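
The advice about app permissions and untrusted sources can be checked on a device. The following is an added example, not part of the original article: it takes the text output of the Android commands `settings get secure enabled_accessibility_services` and `pm list packages -i` (collected over adb) and lists apps that have an enabled accessibility service but were not installed by a trusted store. The trusted-installer list and the sample package names are assumptions.

```python
"""Flag apps with an enabled accessibility service and no trusted installer."""

# Installers treated as trusted sources; this allowlist is an assumption.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_enabled_services(raw):
    """Parse the colon-separated package/class list from the settings command."""
    raw = raw.strip()
    if not raw or raw == "null":
        return set()
    return {item.split("/", 1)[0] for item in raw.split(":") if item}

def parse_installers(raw):
    """Parse `pm list packages -i` lines: package:<name>  installer=<name>."""
    installers = {}
    for line in raw.splitlines():
        parts = line.split()
        if not parts or not parts[0].startswith("package:"):
            continue
        pkg = parts[0][len("package:"):]
        installer = None
        for field in parts[1:]:
            if field.startswith("installer="):
                value = field[len("installer="):]
                installer = None if value == "null" else value
        installers[pkg] = installer
    return installers

def flag_untrusted_accessibility(services_raw, packages_raw):
    """Return sorted packages with an enabled service and no trusted installer."""
    enabled = parse_enabled_services(services_raw)
    installers = parse_installers(packages_raw)
    return sorted(p for p in enabled if installers.get(p) not in TRUSTED_INSTALLERS)

# Constructed sample output; the com.example.* package names are hypothetical.
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.bankhelper/com.example.bankhelper.AssistService"
)
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.bankhelper  installer=null
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg in flag_untrusted_accessibility(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print("review:", pkg)
```

Preinstalled system apps also report `installer=null`, so a flagged entry is a prompt for review rather than a verdict.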

UPSC Syllabus: Science and technology
