A new strain of banking malware called “Snowblind” is targeting Android users, exploiting the Linux kernel feature “seccomp” to bypass security measures.
Discovered by cybersecurity firm Promon, Snowblind uses accessibility features to remotely view victims’ screens, steal banking credentials, and disrupt app sessions to make unauthorized transactions.
Snowblind can disable two-factor authentication and biometric verification, increasing the risk of fraud and identity theft. It typically infects devices through malicious apps posing as legitimate ones, often distributed outside official app stores via social engineering attacks. Promon has observed widespread attacks in Southeast Asia, but the malware can potentially affect any modern Android device.
Promon has updated its Shield software to prevent Snowblind attacks. Google is aware of the malware and has confirmed that no apps containing it are found on Google Play. Android users are protected against known versions of Snowblind by Google Play Protect, which warns or blocks malicious apps, even from external sources.
To protect against such threats, users should install antivirus apps and avoid downloading apps from unofficial sources. Keeping security software updated is also crucial in defending against emerging malware like Snowblind.
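The two traits described above (installation from outside official stores and use of accessibility features) can be checked together on a device. The following is an added example, not code from Promon or Google. It is a general hygiene audit rather than a Snowblind detector, and it assumes Google Play is the only trusted installer; the package names in the sample data are constructed.

```python
# Added example: list enabled accessibility services owned by sideloaded packages.
# Inputs are the saved text output of these adb commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
#   adb shell pm list packages -s    (optional: preinstalled system packages)

# Assumption: only Google Play is a trusted installer; extend for OEM stores.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample data, not taken from a real device or from Snowblind.
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.bankhelper/com.example.bankhelper.AssistService"
)
SAMPLE_INSTALLERS = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.bankhelper  installer=com.google.android.packageinstaller
package:com.example.notes  installer=com.android.vending
"""

def parse_accessibility_services(raw):
    """Return the package names that own an enabled accessibility service."""
    raw = raw.strip()
    if not raw or raw == "null":          # setting unset: nothing enabled
        return set()
    # Entries look like pkg/ServiceClass and are separated by ':'
    return {entry.split("/", 1)[0] for entry in raw.split(":") if entry}

def parse_packages(raw):
    """Map package name -> installer, or None when none is recorded."""
    packages = {}
    for line in raw.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            name, _, rest = line[len("package:"):].partition(" ")
            installer = rest.partition("installer=")[2].strip()
            packages[name] = installer if installer not in ("", "null") else None
    return packages

def flag_sideloaded_services(services_raw, installers_raw, system_raw=""):
    """Return (package, installer) pairs that deserve a manual review."""
    system = set(parse_packages(system_raw))   # preinstalled apps have no installer
    installers = parse_packages(installers_raw)
    findings = []
    for pkg in sorted(parse_accessibility_services(services_raw)):
        if pkg not in system and installers.get(pkg) not in TRUSTED_INSTALLERS:
            findings.append((pkg, installers.get(pkg) or "unknown"))
    return findings

if __name__ == "__main__":
    for pkg, installer in flag_sideloaded_services(SAMPLE_SERVICES, SAMPLE_INSTALLERS):
        print(f"review: {pkg} (installer: {installer})")
```

A flagged package is a prompt for review, not proof of infection, since legitimate sideloaded accessibility tools will appear as well.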