SoumniBot: the new Android banker’s unique techniques


The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception.

As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices. That said, we recently discovered a new banker, SoumniBot, which targets Korean users and is notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest.

Read more…
Source: Kaspersky


Sign up for our Newsletter


Related:

  • Payday lender Wonga admits to data breach

    April 10, 2017

    Payday lender Wonga has advised 270,000 customers of a data breach and offered inconsistent advice about the severity of the incident and how to respond. An “incident FAQ” on the company’s site says “We believe there may have been illegal and unauthorised access to the personal data of some of our customers.” The Reg understands 270,000 ...

  • Finance firms to spend more on security as concern over cyber crime soars

    April 5, 2017

    Over 80pc of financial services firms plan to pump cash into cybersecurity this year, almost double that of last year as fears over cyber attacks swell. Corporate adviser Duff & Phelps, which analysed 200 executives in Europe, Hong Kong and the US, said 86pc of financial services firms intend to spend more time and money on cybersecurity this year. That’s a significant increase on last year, ...

  • Lazarus APT Spinoff Linked to Banking Hacks

    April 3, 2017

    The Lazarus Group, a nation-state level of attacker tied to the 2014 attacks on Sony Pictures Entertainment, has splintered off a portion of its operation to concentrate on stealing money to fund itself. The group, widely believed to be North Korean, has been linked to a February 2016 attack against the Bangladesh Central bank that resulted ...

  • Banking Malware Source Code Leaked by Author to Gain Credibility Among Hackers

    March 29, 2017

    The source code for a new Trojan called Nuclear Bot has been leaked online, which may spark a rise in attacks against banking services. As it happens almost every time the source code for a malicious program lands online, it is quite likely to see more unskilled cybercriminals launching malware attacks against users. Nuclear Bot first landed ...

  • New Spam Campaign via Necurs Botnet Tries to Manipulate the Stock Market

    March 21, 2017

    The Necurs botnet is known as the largest spam botnet in the world, particularly for distributing Locky ransomware and Dridex. Now, it looks like Necurs is taking on a new role as someone tries to manipulate the stock market. The discovery was made by Cisco’s threat intelligence organization Talos, which notes that after being offline for ...

  • Cybersecurity And Financial Institutions: How New York’s “First-In-The-Nation” Data Security Regulations May Impact You

    March 11, 2017

    March 1, 2017 marked the implementation of New York’s cybersecurity regulations, subjecting covered financial institutions to arguably the most burdensome cybersecurity regime yet. The regulations, promulgated by the New York State Department of Financial Services (“NYDFS”), require banks, insurance companies, and other entities regulated by NYDFS to establish substantive cybersecurity programs and policies and to annually ...