The Official Discovery for Android, with a Major DANGER, what Google Says

An official discovery has revealed a major danger for millions of Android phones; here is what Google says and does for users.


Android users are being targeted by new malware called Snowblind, which puts them at risk by abusing a security feature to bypass anti-modification protections. It repackages target applications, allowing unauthorized access to sensitive data such as user credentials and remote device control. Unlike other Android malware, Snowblind exploits "seccomp", a Linux kernel feature used by Android to ensure application integrity.

Snowblind achieves its goal by injecting a native library that loads before the anti-modification code of the targeted application. The library installs a seccomp filter to intercept system calls such as open(), which is commonly used to access files. When the application checks its APK for manipulation, Snowblind's seccomp filter blocks the call and raises a SIGSYS signal, indicating a bad argument.

The innovative technique used by Snowblind exploits seccomp to manipulate system calls and redirect the anti-modification code to an unmodified version of the APK. This minimizes the performance impact and makes it difficult for Android users to detect the attack. Researchers at Promon, a mobile app security company, analyzed this malware after receiving a sample from i-Sprint, a partner specializing in identity system protection.
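An added example (not from Promon, Google, or the original article) of a defensive check for the behaviour described above: it parses the `Seccomp`, `Seccomp_filters` and `SigCgt` fields of `/proc/<pid>/status` and flags a seccomp filter or SIGSYS handler that a known-good baseline did not have. The sample status text, the baseline approach and all function names are assumptions made for illustration.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed /proc/<pid>/status excerpts (not captured from a real device). */
static const char *BASELINE = "Name:\tapp\nSigCgt:\t0000000000001000\n"
                              "Seccomp:\t2\nSeccomp_filters:\t1\n";
static const char *SUSPECT  = "Name:\tapp\nSigCgt:\t0000000040001000\n"
                              "Seccomp:\t2\nSeccomp_filters:\t2\n";

struct seccomp_state {
    int  mode;          /* Seccomp: 0 off, 1 strict, 2 filter; -1 if absent */
    long filters;       /* Seccomp_filters: count (Linux 5.9+); -1 if absent */
    int  sigsys_caught; /* 1 if the SIGSYS bit is set in SigCgt */
};

/* Return the value text of the line starting with "key:", or NULL. */
static const char *field(const char *status, const char *key) {
    size_t n = strlen(key);
    for (const char *p = status; p; p = strchr(p, '\n'), p = p ? p + 1 : NULL)
        if (strncmp(p, key, n) == 0 && p[n] == ':') return p + n + 1;
    return NULL;
}

struct seccomp_state parse_status(const char *status) {
    struct seccomp_state s = { -1, -1, 0 };
    const char *v;
    if ((v = field(status, "Seccomp")))         s.mode = (int)strtol(v, NULL, 10);
    if ((v = field(status, "Seccomp_filters"))) s.filters = strtol(v, NULL, 10);
    if ((v = field(status, "SigCgt")))  /* hex mask, bit (signo - 1) */
        s.sigsys_caught = (int)((strtoull(v, NULL, 16) >> (SIGSYS - 1)) & 1);
    return s;
}

enum { NEW_FILTER = 1, NEW_SIGSYS_HANDLER = 2 };

/* Flag seccomp state that the known-good baseline (an assumption) did not have. */
int seccomp_drift(struct seccomp_state base, struct seccomp_state now) {
    int r = 0;
    if (now.mode > base.mode || now.filters > base.filters) r |= NEW_FILTER;
    if (now.sigsys_caught && !base.sigsys_caught) r |= NEW_SIGSYS_HANDLER;
    return r;
}

int main(void) {
    int d = seccomp_drift(parse_status(BASELINE), parse_status(SUSPECT));
    printf("drift flags: %d\n", d);
    return 0;
}
```

A process may already run under a platform-installed filter, so the comparison is against a baseline rather than treating `Seccomp: 2` alone as malicious. A check made inside a tampered process can itself be interfered with, so the result is best treated as one signal among several.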


Snowblind can disable critical security features in apps, such as two-factor authentication or biometric verification. This allows attackers to read sensitive information displayed on the screen, control the device and exfiltrate personal and transaction data. Promon noticed Snowblind targeting an app from an i-Sprint customer in Southeast Asia, but it's unclear how many apps have been affected so far.

Google has been contacted for comment on the misuse of seccomp in attacks against Android. A spokesperson said that based on current detections, no apps containing this malware were found on Google Play. Android users are automatically protected against known versions of Snowblind through Google Play Protect, enabled by default on devices with Google Play Services. This service can warn users or block malicious apps even when they come from sources outside of Google Play.

Snowblind is a major new threat to Android users, exploiting seccomp to bypass anti-modification protections and gain access to sensitive data. It is essential that users are vigilant and constantly update their devices to benefit from the latest protections provided by Google Play Protect. The security industry must remain proactive in detecting and preventing such innovative attacks to protect users and their data.

To minimize risks, Android users are advised to download apps only from trusted sources, check app permissions, and use mobile security solutions. Google continues to improve the security of the Android platform, and users should be aware of the risks and take proactive measures to protect themselves against cyber threats.