SoumniBot: the new Android banker’s unique techniques


The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception.

As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices. That said, we recently discovered a new banker, SoumniBot, which targets Korean users and is notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest.

Read more…
Source: Kaspersky


Sign up for our Newsletter


Related:

  • Third-party breach leads to American Express customer data compromise

    March 4, 2024

    Payment card provider American Express Company is warning customers that their credit card details may have been exposed following a breach involving a third-party provider. The details were first revealed in a filing with the State of Massachusetts, with a form letter sent to affected customers stating that a third-party service provider “engaged by numerous merchants ...

  • New Banking Trojan “CHAVECLOAK” Targets Brazil

    March 4, 2024

    FortiGuard Labs recently uncovered a threat actor employing a malicious PDF file to propagate the banking Trojan CHAVECLOAK. This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware. Notably, CHAVECLOAK is specifically designed to target users in Brazil, aiming to steal sensitive information linked to ...

  • Charlotte Cowles’s $50,000 Scam Article, Anyone Can Become a Victim

    February 23, 2024

    “You must follow my directions very carefully. We do not have much time.” These are some of the words scammers used to influence and ultimately defraud Charlotte Cowles, a financial columnist at New York Magazine, in an elaborate imposter scam that cost Cowles and her family $50,000. In this one line alone, there are two classic ...

  • Cybersecurity for satellites is a growing challenge, as threats to space-based infrastructure grow

    February 20, 2024

    In today’s interconnected world, space technology forms the backbone of our global communication, navigation and security systems. Satellites orbiting Earth are pivotal for everything from GPS navigation to international banking transactions, making them indispensable assets in our daily lives and in global infrastructure. However, as our dependency on these celestial guardians escalates, so too does their ...

  • ALPHV ransomware says it was behind attacks on loanDepot, Prudential Financial

    February 19, 2024

    The infamous ALPHV ransomware operator (also known as BlackCat) has added two companies to its data leak site – Prudential Financial, and loanDepot, in a seeming admission it was behind the attacks on both companies. So far, the group has only added the names to its site, with the actual data not yet available. Apparently, the ...

  • Prudential reveals it was hit by data breach

    February 14, 2024

    Hackers were able to break into one of the largest life insurance companies in the United States and stole sensitive employee and contractor data. Prudential Financial has filed an 8-K form with the U.S. Securities and Exchange Commission (SEC) detailing the attack, according to a report. As per the filing, unnamed threat actors accessed the networks ...