SoumniBot: the new Android banker’s unique techniques


The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception.

As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices. That said, we recently discovered a new banker, SoumniBot, which targets Korean users and is notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest.

Read more…
Source: Kaspersky


Sign up for our Newsletter


Related:

  • North Korean threat actor Citrine Sleet exploiting Chromium zero-day

    August 30, 2024

    On August 19, 2024, Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). Microsoft researchers assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain. Microsoft ...

  • #StopRansomware: RansomHub Ransomware

    August 29, 2024

    The Federal Bureau of Investigation (FBI) and partners are releasing this joint advisory to disseminate known RansomHub ransomware IOCs and TTPs. These have been identified through FBI threat response activities and third-party reporting as recently as August 2024. RansomHub is a ransomware-as-a-service variant—formerly known as Cyclops and Knight—that has established itself as an efficient and successful ...

  • Interpol busts Black Axe global crime network, arrest over 300

    August 28, 2024

    The International Criminal Police Organisation (INTERPOL) Police units had in a coordinated action in 21 countries between April and July 2024 arrested over 300 people with links to Nigerian criminal group Black Axe and other affiliated groups. In a statement, Interpol said operation “Operation Jackal III” led to hundreds of arrests, the seizure of assets worth ...

  • Laybuy collapsed after unreported cyber attack

    August 26, 2024

    A Klarna rival collapsed into bankruptcy after millions of pounds was stolen in a cyber attack. The collapse of Laybuy, a buy now, pay later (BNPL) start-up, followed a previously unreported hacking between December and February that left the business on the brink. Laybuy, which had more than 750,000 customers and was headquartered in New Zealand, filed ...

  • Approach to mainframe penetration testing on z/OS

    August 20, 2024

    Information technology is developing at a rapid pace, with completely new areas emerging, such as DevOps and DevSecOps – and we’re striving to keep up. However, in some projects, you may encounter systems built on rather outdated principles. Such systems must be approached with care, since a single mistake can lead to data loss and ...

  • BlindEagle flying high in Latin America

    August 19, 2024

    BlindEagle, also known as “APT-C-36”, is an APT actor recognized for employing straightforward yet impactful attack techniques and methodologies. The group is known for their persistent campaigns targeting entities and individuals in Colombia, Ecuador, Chile, Panama and other countries in Latin America. They have been targeting entities in multiple sectors, including governmental institutions, financial companies, energy ...