this post was submitted on 27 Jun 2024
16 points (100.0% liked)

Cybersecurity

8314 readers
32 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago
MODERATORS
kid@sh.itjust.works
Lanky_Pomegranate530@midwest.social
16
Snowblind malware abuses Android security feature to bypass security (www.bleepingcomputer.com)
submitted 1 year ago by BrikoX@lemmy.zip to c/cybersecurity@sh.itjust.works
2 comments fedilink hide all child comments
 

A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data.

top 2 comments
sorted by: hot top controversial new old
[–] ryannathans@aussie.zone 7 points 1 year ago

Finally some decent malware

[–] jet@hackertalks.com 7 points 1 year ago

Snowblind targets apps that handle sensitive data by injecting a native library which loads before the anti-tampering code, and installs a seccomp filter to intercepts system calls such as the ‘open() syscall,’ commonly used in file access.

When the APK of the target app is checked for tampering, Snowblind's seccomp filter does not allow the call to proceed and instead triggers a SIGSYS signal indicating that the process sent a bad argument to the system call.