Soumnibot

All articles tagged with #soumnibot

cybersecurity, 1 year ago

"SoumniBot: Evading Detection and Exploiting Android Weaknesses"

A new Android banking malware called SoumniBot is evading detection by exploiting weaknesses in the Android manifest extraction and parsing procedure, allowing it to steal information from infected devices. The malware uses three different methods to manipulate the manifest file's compression method and size, tricking Android's parser and evading security checks. SoumniBot targets Korean users, hides its icon after installation, and remains active in the background, uploading data from the victim's device. Kaspersky has informed Google about the evasion methods and provides indicators of compromise for the malware.

technology, 1 year ago

"Uncovering the Evasive Tactics of SoumniBot Android Banking Malware"

SoumniBot, a new Android banker targeting Korean users, employs unconventional obfuscation techniques in its Android manifest to evade analysis and detection. These techniques include invalid compression method values, invalid manifest sizes, and long namespace names. Once installed, SoumniBot requests server configurations and uploads data from the victim's device to a server, including sensitive information such as contact lists, SMS messages, and online banking digital certificates. It also has the ability to execute various commands, including stealing and sending banking keys to a command and control server. Despite its sophisticated obfuscation, Kaspersky security solutions can detect SoumniBot and classify it as Trojan-Banker.AndroidOS.SoumniBot.