{"id":303127,"date":"2024-07-02T18:32:37","date_gmt":"2024-07-02T13:02:37","guid":{"rendered":"https:\/\/forumias.com\/blog\/?p=303127"},"modified":"2024-07-02T18:32:37","modified_gmt":"2024-07-02T13:02:37","slug":"snowblind-malware","status":"publish","type":"post","link":"https:\/\/forumias.com\/blog\/snowblind-malware\/","title":{"rendered":"Snowblind Malware"},"content":{"rendered":"<p style=\"text-align: justify;\"><strong>Source<\/strong>: This post on<strong> Snowblind Malware<\/strong> has been created based on the article \u201c<a href=\"https:\/\/indianexpress.com\/article\/technology\/tech-news-technology\/snowblind-malware-uses-an-android-security-feature-to-bypass-security-9418579\/\" target=\"_blank\" rel=\"noopener\">Snowblind malware uses an Android security feature to bypass security<\/a>\u201d published in \u201c<strong>The Indian Express<\/strong>\u201d on 1 July 2024.<\/p>\n<h2 style=\"text-align: justify;\">Why in the news?<\/h2>\n<p style=\"text-align: justify;\">Recently, it has been found that a new banking malware called \u2018<span style=\"color: #ff0000;\">Snowblind<\/span>\u2019 is targeting Android users to steal banking credentials.<\/p>\n<h2 style=\"text-align: justify;\">About Snowblind Malware<\/h2>\n<p style=\"text-align: justify;\"><strong>1. About:<\/strong> Snowblind is a <span style=\"color: #ff0000;\">new type of Android banking malware<\/span> designed to steal banking credentials by bypassing security features.<\/p>\n<p style=\"text-align: justify;\"><strong>2. 
Key Features:<\/strong><\/p>\n<p style=\"text-align: justify;\">i) Snowblind uses a built-in Android security feature to <span style=\"color: #ff0000;\">bypass anti-tamper mechanisms<\/span>.<\/p>\n<p style=\"text-align: justify;\">ii) This malware repackages apps to <span style=\"color: #ff0000;\">avoid detection of accessibility features<\/span> that can extract sensitive information like login credentials and gain remote access to the app.<\/p>\n<p style=\"text-align: justify;\">iii) Snowblind exploits a feature called \u2018<span style=\"color: #ff0000;\">seccomp<\/span>\u2019, which stands for \u2018secure computing\u2019 and is part of the Linux kernel and Android OS.<\/p>\n<p style=\"text-align: justify;\">iv) It injects code that loads before <span style=\"color: #ff0000;\">seccomp initializes anti-tampering measures<\/span>, allowing the malware to bypass security mechanisms and utilize accessibility services.<\/p>\n<p style=\"text-align: justify;\">v) Snowblind can remotely view the victim\u2019s screen by using accessibility services.<\/p>\n<p style=\"text-align: justify;\">vi) It can disable biometric and two-factor authentication, which are commonly used security features in banking apps to prevent unauthorized access.<\/p>\n<p style=\"text-align: justify;\">vii) Snowblind typically infects users who install apps from untrusted sources.<\/p>\n<p style=\"text-align: justify;\">viii) The malware is mostly active in Southeast Asia, although the exact number of affected devices is unknown.<\/p>\n<p style=\"text-align: justify;\"><strong>3. Security Implications:<\/strong> Snowblind poses a significant threat to banking app users by circumventing advanced security measures.<\/p>\n<p style=\"text-align: justify;\">4. 
Users are advised to <span style=\"color: #ff0000;\">avoid installing apps from untrusted sources<\/span> and to remain vigilant about app permissions and behaviors.<\/p>\n<p style=\"text-align: justify;\"><strong>UPSC Syllabus: Science and technology<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Source: This post on Snowblind Malware has been created based on the article \u201cSnowblind malware uses an Android security feature to bypass security\u201d published in \u201cThe Indian Express\u201d on 1 July 2024. Why in the news? Recently, it has been found that a new banking malware called \u2018Snowblind\u2019 is targeting Android users to steal banking credentials. About&hellip; <a class=\"more-link\" href=\"https:\/\/forumias.com\/blog\/snowblind-malware\/\">Continue reading <span class=\"screen-reader-text\">Snowblind Malware<\/span><\/a><\/p>\n","protected":false},"author":10366,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[1566,1738],"tags":[11872,11452],"class_list":["post-303127","post","type-post","status-publish","format-standard","hentry","category-daily-factly-articles","category-science-and-technology-daily-factly-articles","tag-9pm-daily-factly","tag-the-indian-express","entry"],"jetpack_featured_media_url":"","views":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts\/303127","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/users\/10366"}],"replies":[{"embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/comments?post=303127"}],"version-history":[{"count":0,"href":"https:\/\/forumias.com\/blog\/w
p-json\/wp\/v2\/posts\/303127\/revisions"}],"wp:attachment":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/media?parent=303127"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/categories?post=303127"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/tags?post=303127"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}