AppWizard
June 26, 2024
Snowblind is a first-of-its-kind Android banking malware that manipulates a Linux kernel safety feature called "seccomp" to bypass security checks and anti-tampering mechanisms. It exploits accessibility services to gain system-level access to an infected device and can disable security features such as two-factor authentication and biometric verification. The malware targets banking Android apps in Southeast Asia and is effective on all modern Android devices. Promon has developed protective measures against Snowblind and other potential variants of seccomp-based attacks.