SoumniBot malware exploits Android bugs to evade detection
A new Android banking malware named 'SoumniBot' is using a less common obfuscation approach by exploiting weaknesses in the Android manifest extraction and parsing procedure.
The method enables SoumniBot to evade standard security measures found in Android phones and perform info-stealing operations.
The malware was discovered and analyzed by Kaspersky researchers, who provide technical details on how the malware takes advantage of the Android routine that parses and extracts APK manifests.
First, SoumniBot uses an invalid compression value for the APK's manifest file, which diverges from the standard values expected by the Android 'libziparchive' library tasked with unpacking it.
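A defender-side check for the invalid compression value described above, as an added example (not code from Kaspersky's analysis or from Android): it reads the compression method field of the `AndroidManifest.xml` ZIP entry in both the central directory and the local header and flags anything other than 0 (stored) or 8 (deflate). The function names and the sample archive are constructed for illustration, the set of standard methods is an assumption based on what APK entries normally use, and ZIP64 archives are not handled.

```python
import io
import struct
import zipfile

EOCD_SIG, CDH_SIG, LFH_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"
STANDARD_METHODS = {0, 8}  # assumption: stored / deflate, what APK entries normally use

def manifest_methods(apk, name=b"AndroidManifest.xml"):
    """Return (central-directory method, local-header method) for the entry, or None."""
    eocd = apk.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    count, _size, pos = struct.unpack_from("<HII", apk, eocd + 10)
    for _ in range(count):
        if apk[pos:pos + 4] != CDH_SIG:
            raise ValueError("corrupt central directory")
        method, = struct.unpack_from("<H", apk, pos + 10)
        nlen, xlen, clen = struct.unpack_from("<HHH", apk, pos + 28)
        lfh, = struct.unpack_from("<I", apk, pos + 42)
        if apk[pos + 46:pos + 46 + nlen] == name:
            if apk[lfh:lfh + 4] != LFH_SIG:
                raise ValueError("central directory points at a bad local header")
            return method, struct.unpack_from("<H", apk, lfh + 8)[0]
        pos += 46 + nlen + xlen + clen
    return None

def check_manifest(apk):
    """Return findings for the manifest entry; an empty list means nothing unusual."""
    methods = manifest_methods(apk)
    if methods is None:
        return ["AndroidManifest.xml entry not found"]
    findings = [f"{where}: non-standard compression method 0x{m:04x}"
                for where, m in zip(("central directory", "local header"), methods)
                if m not in STANDARD_METHODS]
    if methods[0] != methods[1]:
        findings.append("central directory and local header disagree on the method")
    return findings

def build_sample(method):
    """Constructed test input: one-entry archive with both method fields overwritten."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("AndroidManifest.xml", b"<constructed/>")
    data = bytearray(buf.getvalue())
    cd, = struct.unpack_from("<I", data, data.rfind(EOCD_SIG) + 16)
    struct.pack_into("<H", data, 8, method)        # local header starts at offset 0
    struct.pack_into("<H", data, cd + 10, method)  # central directory entry
    return bytes(data)
```

Run `check_manifest(open(path, "rb").read())` over an APK under triage; a non-empty result is a reason to inspect the file with a parser that does not rely on the declared method.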