
Snowblind Explained: Find out how it steals banking information from Android devices

New Delhi: Mobile banking offers incredible convenience and allows users to manage their finances on the go. However, with this convenience comes an increase in security threats. A new piece of malware known as “Snowblind” has emerged that aims to steal Android users’ banking credentials.

What exactly is Snowblind Android malware?

Snowblind is a type of malware designed to attack Android devices with the intention of stealing your banking information. Identified by cybersecurity firm Promon, this malware can capture your bank account login details and perform unauthorized transactions without your consent.

How does it infiltrate your system?

Snowblind typically infiltrates devices when users unknowingly download an apparently legitimate application that has been repackaged with malicious code. Security firm Promon explains that the malware exploits accessibility features in the app, which allows it to extract sensitive information such as login credentials and gain remote access to the infected app.

How does Snowblind malware work?

Snowblind differs from typical Android malware in that it bypasses the platform’s security mechanisms using a feature called “seccomp” in the Linux kernel. This feature is designed to check for tampering.

Snowblind injects code into the system before activating seccomp. This technique allows bypassing security checks and exploiting accessibility services to monitor the screen and facilitate the theft of login credentials or disrupt banking application sessions.

As a result, Snowblind may disable biometric security and two-factor authentication (2FA) and increase the risk of fraud and identity theft. The malware runs silently in the background and potentially goes undetected on your device.