Snowblind: New Android Banking Malware Exploits Linux Kernel Vulnerability
Seccomp Exploit: Snowblind Banking Malware Targets Android Users

A new strain of banking malware known as "Snowblind" has targeted Android users by exploiting a Linux kernel vulnerability to steal banking credentials and manipulate banking sessions, primarily affecting users in Southeast Asia.

Snowblind utilises a Linux kernel feature called "seccomp" to evade security measures, enabling it to gain remote access to victims' screens through accessibility features. It intercepts banking login details and can manipulate transactions by disabling two-factor authentication (2FA) and biometric verification methods. Snowblind operates stealthily, often infiltrating devices through malicious apps disguised as legitimate software, potentially spreading outside official app stores via social engineering tactics.

Key Points:
- Snowblind malware targets Android devices, primarily in Southeast Asia, exploiting a Linux kernel vulnerability.
- It bypasses security measures using the seccomp feature to gain remote screen access and steal banking credentials.
- The malware can disable 2FA and biometric authentication, increasing the risk of fraud.
- Victims unknowingly install Snowblind via malicious apps, likely spread through social engineering attacks.
- Promon has updated its Shield software to counter Snowblind attacks.

Takeaways and Prevention Actions:
- Awareness: Users should be cautious of installing apps from unofficial sources and remain vigilant against social engineering tactics.
- Security Measures: Install reputable antivirus software on Android devices to detect and mitigate potential malware infections.
- Updates: Keep devices and security software updated to protect against new vulnerabilities and exploits.
- Monitoring: Regularly monitor banking transactions and device activity for any suspicious behaviour.

Source and further reading:
New “Snowblind” banking malware targets Android users with Linux kernel exploit. (2024, June 26). pcmag.com. Retrieved June 26, 2024, from https://www.pcmag.com/news/snowblind-banking-malware-targets-android-users-linux-kernel-exploit