Yesterday, a security firm published a report about a never-before-seen Android malware named Snowblind. It allegedly abuses a built-in Android safety feature to avoid detection. According to the report, its novel technique left all modern Android devices and apps vulnerable to it. However, Google disputes the claim. In a statement to Android Headlines, the Android maker said it was already aware of the malware and has implemented safety measures against it.
Google Play Protect can detect and block Snowblind Android malware
Discovered by mobile app security provider Promon, Snowblind is a new Android banking malware that manipulates the Android system to compromise apps without detection. It attacks Android’s safety tool called “seccomp” (secure computing) to bypass security checks and stealthily execute malicious activities. The attackers can steal login credentials and other information to make unauthorized financial transactions on infected devices.
Promon said it had never seen “seccomp being used as an attack vector before,” making Snowblind a first-of-its-kind Android malware. The firm added that it does not expect many apps to have protections against it. The security provider encouraged its customers and other app developers to upgrade to its Promon SHIELD version 6.5.2 or newer to keep their products safe from Snowblind and other potential seccomp-based security attacks in the future.
Shortly after we reported on Promon’s discovery, Google reached out saying it was aware of Snowblind and its techniques. “We can confirm we were already aware of this malware before this report,” the company said in an emailed statement to us. It didn’t mention the malware’s name for obvious reasons—Promon gave the name Snowblind because it was the first to publicly disclose this Android banking malware abusing a system feature.
“Based on our current detection, no apps containing this malware are found on Google Play,” the official statement added. “Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”
Snowblind may not be as dangerous as it originally sounded
Promon’s report suggested that Snowblind is dangerous malware and that most Android apps lack protection against it. However, Google’s statement clarifies the threat. While the malware exists, Google Play Protect automatically blocks its activities, protecting Android users from all known versions of Snowblind. Google Play Protect can also detect malicious behavior in apps installed from outside of the Play Store. Even so, it is always safer to download apps only from official stores.
2024-06-27 15:06:22