Security News > 2024 > April > SoumniBot malware exploits Android bugs to evade detection

A new Android banking malware named 'SoumniBot' is using a less common obfuscation approach by exploiting weaknesses in the Android manifest extraction and parsing procedure.
The method enables SoumniBot to evade standard security measures found in Android phones and perform info-stealing operations.
The malware was discovered and analyzed by Kaspersky researchers, who provide technical details on how it takes advantage of the Android routine that parses and extracts APK manifests.
First, SoumniBot uses an invalid compression value for the APK's manifest file, one that diverges from the standard values expected by the Android 'libziparchive' library responsible for unpacking it.
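A triage check for the trait described above, as an added example that is not code from Kaspersky's analysis or from the article. It assumes "standard values" means ZIP method 0 (stored) and 8 (deflate); the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

MANIFEST = "AndroidManifest.xml"
STANDARD_METHODS = {0: "stored", 8: "deflate"}  # assumption: the "standard values"


def manifest_method_findings(apk_bytes):
    """Report manifest entries whose ZIP compression method is not 0 or 8."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        # infolist() only reads the central directory; nothing is decompressed.
        entries = [zi for zi in zf.infolist() if zi.filename == MANIFEST]
    if not entries:
        return [f"{MANIFEST}: entry not found"]
    for zi in entries:
        # The local file header repeats the method field at byte offset 8.
        (local_method,) = struct.unpack_from("<H", apk_bytes, zi.header_offset + 8)
        for where, method in (("central directory", zi.compress_type),
                              ("local header", local_method)):
            if method not in STANDARD_METHODS:
                findings.append(
                    f"{MANIFEST}: {where} method 0x{method:04x} is non-standard")
    return findings


def constructed_sample(method):
    """Constructed test fixture: a one-entry archive with a chosen method value."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(MANIFEST, b"<manifest/>")  # placeholder content, not a real manifest
    data = bytearray(buf.getvalue())
    # Method field: offset 8 in the local header, offset 10 in the central record.
    struct.pack_into("<H", data, data.find(b"PK\x03\x04") + 8, method)
    struct.pack_into("<H", data, data.find(b"PK\x01\x02") + 10, method)
    return bytes(data)


if __name__ == "__main__":
    for m in (0, 8, 0x1234):
        print(hex(m), manifest_method_findings(constructed_sample(m)) or "ok")
```
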