Android banking malware exploits weaknesses to perform info-stealing operations: Report
The Hindu
New Android banking malware exploits Android manifest weaknesses to steal user information remotely, evading standard security measures.
A new Android banking malware was found exploiting weaknesses in the Android manifest extraction and parsing procedure to perform information stealing operations. The malware is reported to be capable of evading standard security measures found in Android, making use of Android routine to parse and extract APK manifests, which is used to define the structure and store the Metadata of an application.
The malware was found to be capable of stealing user information including IP addresses, contact lists, account details, SMS messages, photos, videos, and online banking digital certificates. This exfiltration by the malware was found to be controlled remotely via a server, and could also receive commands to perform malicious activities. These include deleting existing or adding contacts, sending an SMS message, setting ringtone volume levels, and turning the debug mode on and off on a device.
While the method of infection of devices is unclear, researchers suggest that the malware may be rechecking devices over third-party Android stores and unsafe websites. Researchers also suggest that the malware may be spread through updates for apps with malicious code in legitimate apps.
The malware was first detected and analysed by Kaspersky researchers, who found that the malware can use malicious APKs to fool security tools and evade analysis. Researchers further reported that the malware uses three different approaches that involve manipulation of the manifest file’s compression and size, to bypass checks in the Android operating system.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
Like many malicious Android apps, the malware hides its icon upon installation in a device, making it more difficult to remove and detect. However, it remains active in the background, sharing the stolen data with threat actors.
ACB files case against IPS officer N. Sanjay in Andhra Pradesh. The official is accused of manipulating the tender processes for awarding contract for development and maintenance of AGNI-NOC portal, and conducting awareness meetings for SC/STs. It is alleged that the total value of properties stolen, or involved in the case is estimated at ₹1,75,86,600.