SoumniBot is a sophisticated Android banking trojan that targets banking data, primarily that of clients in South Korea. It is a significant threat both to Android devices worldwide and to the personal information stored on them.
Eluding Detection and Analysis
SoumniBot uses refined techniques to evade detection and analysis. By manipulating the files inside the application package, it deceives security tools: it declares an invalid compression method value for the manifest file in the APK, so that tools which try to decompress it are misled, it misreports the size of the manifest file in the APK, and it uses very long strings as XML namespace names in the manifest file.
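As an added illustration, not code from the article or from Kaspersky, the Python scanner below reads an APK's ZIP headers directly rather than trusting a ZIP library, and flags the first two archive-level tricks described above: an invalid compression method on the AndroidManifest.xml entry, and a declared uncompressed size that disagrees with the bytes actually present. The sample archive and its tampering are constructed in the block; the namespace-length check is not covered.

```python
import io
import struct
import zipfile
import zlib

MANIFEST = "AndroidManifest.xml"
VALID_METHODS = {0, 8}  # STORED and DEFLATED: the only methods a well-formed APK uses


def find_central_entry(data: bytes, name: str):
    """Walk the ZIP central directory; return (offset, header fields) for `name`."""
    eocd = data.rfind(b"PK\x05\x06")
    cd_size, cd_offset = struct.unpack_from("<II", data, eocd + 12)
    pos = cd_offset
    while pos < cd_offset + cd_size:
        hdr = struct.unpack_from("<IHHHHHHIIIHHHHHII", data, pos)  # 46-byte fixed header
        name_len, extra_len, comment_len = hdr[10], hdr[11], hdr[12]
        if data[pos + 46:pos + 46 + name_len] == name.encode():
            return pos, hdr
        pos += 46 + name_len + extra_len + comment_len
    return None, None


def check_manifest(apk: bytes) -> list:
    """Return findings about the manifest's ZIP headers (empty list = nothing odd)."""
    findings = []
    pos, hdr = find_central_entry(apk, MANIFEST)
    if hdr is None:
        return ["manifest entry missing from central directory"]
    method, csize, usize, local_off = hdr[4], hdr[8], hdr[9], hdr[16]
    if method not in VALID_METHODS:
        findings.append(f"invalid compression method {method}")
    name_len, extra_len = struct.unpack_from("<HH", apk, local_off + 26)
    payload = apk[local_off + 30 + name_len + extra_len:][:csize]  # after local header
    # stored or unknown method: the payload is the data as-is; deflate: inflate it
    actual = len(zlib.decompress(payload, -15)) if method == 8 else len(payload)
    if actual != usize:
        findings.append(f"declared uncompressed size {usize}, actual {actual}")
    return findings


def make_sample(tamper: bool) -> bytes:
    """Constructed minimal APK-like archive; tamper=True corrupts the manifest headers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(MANIFEST, b"<constructed manifest placeholder>")
    data = bytearray(buf.getvalue())
    if tamper:
        pos, _ = find_central_entry(bytes(data), MANIFEST)
        struct.pack_into("<H", data, pos + 10, 0x1234)  # bogus compression method
        struct.pack_into("<I", data, pos + 24, 99999)   # misreported uncompressed size
    return bytes(data)
```

Running `check_manifest(make_sample(True))` reports both anomalies, while the untampered archive yields no findings.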
Kaspersky’s Warnings
Kaspersky has reported to Google that APK Analyzer mishandles files that use these evasion techniques. Regrettably, no response or corrective update has been received yet.
Information Collection Post Installation
Once installed, SoumniBot kicks into action by collecting information. It establishes a connection with its Command and Control server and then collects data such as the IP address, geolocation data, the list of installed apps, the mobile service provider, the phone number, contacts, accounts, and ringtone volume levels. Shockingly, it can also add and delete contacts, exfiltrate text messages, send text messages, exfiltrate photos and videos stored on the infected device, and switch between silent and debugging modes.
Signs and Prevention of SoumniBot
- Detection: SoumniBot, despite its sophisticated techniques, is detectable. Signs of infection include slow device operation, unauthorized changes to system settings, the appearance of suspicious apps, increased data usage, and rapid battery drain.
- Prevention: The most effective solution against SoumniBot is prevention. It is recommended to use antivirus software specifically designed for Android devices.
My name is Noah and I’m a dedicated member of the “Jason Deegan” team. With my passion for technology, I strive to bring you the latest and most exciting news in the world of high-tech.