SoumniBot: the new Android banker’s unique techniques


The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception.

As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices. That said, we recently discovered a new banker, SoumniBot, which targets Korean users and is notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest.

Read more…
Source: Kaspersky


Sign up for our Newsletter


Related:

  • Lazarus APT Spinoff Linked to Banking Hacks

    April 3, 2017

    The Lazarus Group, a nation-state level of attacker tied to the 2014 attacks on Sony Pictures Entertainment, has splintered off a portion of its operation to concentrate on stealing money to fund itself. The group, widely believed to be North Korean, has been linked to a February 2016 attack against the Bangladesh Central bank that resulted ...

  • Banking Malware Source Code Leaked by Author to Gain Credibility Among Hackers

    March 29, 2017

    The source code for a new Trojan called Nuclear Bot has been leaked online, which may spark a rise in attacks against banking services. As it happens almost every time the source code for a malicious program lands online, it is quite likely to see more unskilled cybercriminals launching malware attacks against users. Nuclear Bot first landed ...

  • New Spam Campaign via Necurs Botnet Tries to Manipulate the Stock Market

    March 21, 2017

    The Necurs botnet is known as the largest spam botnet in the world, particularly for distributing Locky ransomware and Dridex. Now, it looks like Necurs is taking on a new role as someone tries to manipulate the stock market. The discovery was made by Cisco’s threat intelligence organization Talos, which notes that after being offline for ...

  • Cybersecurity And Financial Institutions: How New York’s “First-In-The-Nation” Data Security Regulations May Impact You

    March 11, 2017

    March 1, 2017 marked the implementation of New York’s cybersecurity regulations, subjecting covered financial institutions to arguably the most burdensome cybersecurity regime yet. The regulations, promulgated by the New York State Department of Financial Services (“NYDFS”), require banks, insurance companies, and other entities regulated by NYDFS to establish substantive cybersecurity programs and policies and to annually ...

  • Dridex Banking Trojan Gains ‘AtomBombing’ Code Injection Ability to Evade Detection

    March 1, 2017

    Security researchers have discovered a new variant of Dridex – one of the most nefarious banking Trojans actively targeting financial sector – with a new, sophisticated code injection technique and evasive capabilities called “AtomBombing.” On Tuesday, Magal Baz, security researcher at Trusteer IBM disclosed new research, exposing the new Dridex version 4, which is the latest ...

  • Could cybersecurity sink your next M&A?

    February 26, 2017

    Most CFOs don’t expect to see cybersecurity on their due diligence checklist for mergers and acquisitions. Yet cybersecurity – or a lack thereof – has massive implications for any deal: after all, the average data breach now costs organisations in the ballpark of $4 million, not to mention the potential damage to reputation and revenues when ...