SoumniBot malware exploits Android bugs to evade detection (Security News, April 2024)

A new Android banking malware named 'SoumniBot' is using a less common obfuscation approach by exploiting weaknesses in the Android manifest extraction and parsing procedure.
The method enables SoumniBot to evade standard security measures found in Android phones and perform info-stealing operations.
The malware was discovered and analyzed by Kaspersky researchers, who provide the technical details on the methods the malware uses to take advantage of the Android routine that parses and extracts APK manifests.
First, SoumniBot uses an invalid compression value when unpacking the APK's manifest file, which diverges from the standard values expected by the Android 'libziparchive' library that handles the unpacking.
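A triage check for the invalid compression value described above, as an added example that is not from Kaspersky's write-up or the original article. It assumes the two standard ZIP methods for APK entries are 0 (stored) and 8 (deflated); the function name `manifest_compression_findings` is hypothetical, and the check goes slightly beyond the text by also comparing the local file header against the central directory.

```python
import struct
import sys

EOCD_SIG, CDFH_SIG, LFH_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"
VALID_METHODS = (0, 8)  # assumption: ZIP method 0 = stored, 8 = deflated
MANIFEST = b"AndroidManifest.xml"


def manifest_compression_findings(data: bytes) -> list:
    """Return a list of findings about the manifest entry's method fields."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        return ["no end-of-central-directory record (not a ZIP/APK)"]
    # EOCD: total entry count at +10, central directory size at +12, offset at +16
    count, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    findings, seen = [], False
    for _ in range(count):
        if data[pos:pos + 4] != CDFH_SIG:
            findings.append(f"bad central directory entry at offset {pos}")
            break
        (method,) = struct.unpack_from("<H", data, pos + 10)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        (lfh,) = struct.unpack_from("<I", data, pos + 42)
        if data[pos + 46:pos + 46 + name_len] == MANIFEST:
            seen = True
            if method not in VALID_METHODS:
                findings.append(f"central directory method 0x{method:04x} is not 0 or 8")
            if data[lfh:lfh + 4] != LFH_SIG:
                findings.append(f"no local file header at offset {lfh}")
            else:
                (local,) = struct.unpack_from("<H", data, lfh + 8)
                if local not in VALID_METHODS:
                    findings.append(f"local header method 0x{local:04x} is not 0 or 8")
                elif local != method:
                    findings.append("local header and central directory methods differ")
        pos += 46 + name_len + extra_len + comment_len
    if not seen and not findings:
        findings.append("AndroidManifest.xml entry not found")
    return findings


if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], "rb") as fh:
        results = manifest_compression_findings(fh.read())
    print("\n".join(results) or "manifest compression method looks standard")
    sys.exit(1 if results else 0)
```

Run it with the path to an APK; a non-zero exit status means the manifest entry deserves a closer look before any parser that trusts the ZIP metadata is pointed at it.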