Forwarded from Pegasus NSO & other spyware
Beware of Snowblind: A new Android malware
Snowblind: A new Android malware abuses security feature to bypass security
In early 2024, our partner i-Sprint provided a sample of a new Android banking trojan we have named Snowblind. Our analysis of Snowblind found that it uses a novel technique to attack Android apps based on the Linux kernel feature seccomp. Android uses seccomp to sandbox applications and limit the system calls they can make. This is intended as a security feature that makes it harder for malicious apps to compromise the device.
However, Snowblind misuses seccomp as an attack vector to be able to attack applications. We have not seen seccomp being used as an attack vector before and we were surprised how powerful and versatile it can be if used maliciously.
Demo: YT link (Invidious is broken!)
Via @androidmalware
#Android #Malware #Snowblind #Trojan