seccomp Archives

AppWizard

July 1, 2024

CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

- Transparent Tribe continues malware campaign targeting Android users - Group embedding spyware into curated video browsing applications targeting mobile gamers, weapons enthusiasts, and TikTok fans - Campaign dubbed CapraTube delivering spyware called CapraRAT - CapraRAT used in attacks targeting Indian government and military personnel - New malicious APK files identified - CapraRAT abusing permissions to access sensitive data - Malware developers focusing on making the tool more reliable and stable - Snowblind, a novel type of Android banking malware, discovered using seccomp technique to bypass anti-tampering mechanisms - Malware authors in Southeast Asia becoming extremely sophisticated

AppWizard

June 26, 2024

Snowblind is a new Android banking malware abusing a safety tool

Snowblind is a first-of-its-kind Android banking malware that manipulates a Linux kernel safety feature called "seccomp" to bypass security checks and anti-tampering mechanisms. It exploits accessibility services to gain system-level access to an infected device and can disable security features such as two-factor authentication and biometric verification. The malware targets banking Android apps in Southeast Asia and is effective on all modern Android devices. Promon has developed protective measures against Snowblind and other potential variants of seccomp-based attacks.