SoumniBot: the new Android banker’s unique techniques


The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception.

As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices. That said, we recently discovered a new banker, SoumniBot, which targets Korean users and is notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest.

Read more…
Source: Kaspersky


Sign up for our Newsletter


Related:

  • New Banking Trojan “CHAVECLOAK” Targets Brazil

    March 4, 2024

    FortiGuard Labs recently uncovered a threat actor employing a malicious PDF file to propagate the banking Trojan CHAVECLOAK. This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware. Notably, CHAVECLOAK is specifically designed to target users in Brazil, aiming to steal sensitive information linked to ...

  • Charlotte Cowles’s $50,000 Scam Article, Anyone Can Become a Victim

    February 23, 2024

    “You must follow my directions very carefully. We do not have much time.” These are some of the words scammers used to influence and ultimately defraud Charlotte Cowles, a financial columnist at New York Magazine, in an elaborate imposter scam that cost Cowles and her family $50,000. In this one line alone, there are two classic ...

  • Cybersecurity for satellites is a growing challenge, as threats to space-based infrastructure grow

    February 20, 2024

    In today’s interconnected world, space technology forms the backbone of our global communication, navigation and security systems. Satellites orbiting Earth are pivotal for everything from GPS navigation to international banking transactions, making them indispensable assets in our daily lives and in global infrastructure. However, as our dependency on these celestial guardians escalates, so too does their ...

  • ALPHV ransomware says it was behind attacks on loanDepot, Prudential Financial

    February 19, 2024

    The infamous ALPHV ransomware operator (also known as BlackCat) has added two companies to its data leak site – Prudential Financial, and loanDepot, in a seeming admission it was behind the attacks on both companies. So far, the group has only added the names to its site, with the actual data not yet available. Apparently, the ...

  • Prudential reveals it was hit by data breach

    February 14, 2024

    Hackers were able to break into one of the largest life insurance companies in the United States and stole sensitive employee and contractor data. Prudential Financial has filed an 8-K form with the U.S. Securities and Exchange Commission (SEC) detailing the attack, according to a report. As per the filing, unnamed threat actors accessed the networks ...

  • State of Emergency: How Minnesota hospitals, state officials prepare for cyber attacks

    February 13, 2024

    The State of Minnesota stores and protects data on some six million residents, and that’s only one cache of sensitive information under the close watch of Minnesota IT Services (MNIT). “It’s everything from highways and highway traffic control systems, we run the zoo. We run everything in between,” John Israel, chief information security officer at MNIT, ...