Explained: What Is Snowblind Malware That Can Steal Bank Data From Android

Discovered by cybersecurity firm Promon, this malware can take your banking login details and perform unauthorised transactions.

The rise of mobile banking has brought convenience to our fingertips, but it also comes with a growing security concern. A new malware called ‘Snowblind' is targeting Android users and stealing banking credentials. What is Snowblind Android malware?Snowblind is a malware that targets Android devices to steal banking information. Discovered by cybersecurity firm Promon, this malware can take your banking login details and perform unauthorised transactions. How it gets into your systemPeople usually get this virus by downloading a malicious app that looks legitimate. The malware repackages an app to avoid detection and misuses accessibility features to steal sensitive information and control the app remotely, said Vidar Krey, VP of engineering at Promon. "We believe these types of apps have likely spread outside of the official app stores. This has almost certainly been achieved via social engineering attacks, a still very prevalent and widely reported method of duping less tech-savvy users," Mr Krey told PCMag. How does Snowblind malware work?Unlike other Android malware, Snowblind bypasses Android's built-in security by exploiting a feature called "seccomp" in the Linux kernel, which is supposed to check for tampering.Snowblind injects code before seccomp activates, allowing it to bypass security checks and use accessibility services to monitor your screen, making it easier to steal your login information or interrupt your banking app sessions. This lets it disable biometric and two-factor authentication (2FA) protections, putting you at higher risk for fraud and identity theft. The malware works quietly in the background, so you might not even realise it is on your device.