Sneaky Android Malware Evades Detection – Is Your Phone Safe?


Another day, another trojan is on the loose, targeting Android users. This time it is ‘SoumniBot’, which uses some pretty clever tricks to avoid detection. Currently, it’s mainly targeting users in South Korea, and it avoids detection by leveraging weaknesses in the manifest extraction and parsing procedure.

As you might or might not know, every Android app comes with a manifest XML file, which is located in the root directory and declares the various components of the app, as well as the permissions and hardware and software features it requires. Because this is so widely known, threat hunters typically commence their analysis by inspecting the app’s manifest file to determine its behavior.

It’s important to note that this method has been adopted by threat actors associated with several Android banking trojans since April 2023. Additionally, SoumniBot misrepresents the archived manifest file size, providing a value that exceeds the actual figure because the “uncompressed” file is directly copied, with the manifest parser ignoring the rest of the “overlay” data.

Kaspersky researcher Dmitry Kalinin stated that this malware is notable for its unconventional approach to evading analysis and detection. Kalinin has also said, “Although any unpacker that correctly implements compression method validation would consider a manifest like that invalid, the Android APK parser recognizes it correctly and allows the application to be installed.”
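A strict check for the two manifest tricks described above, as an added example that is not code from Kaspersky or the original article. It assumes the standard ZIP header layout and that the binary manifest starts with a chunk header whose 32-bit size field gives the manifest's real length; `check_manifest`, `build_sample`, the method value 0x2A and the sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile
import zlib

MANIFEST = "AndroidManifest.xml"
STORED, DEFLATED = 0, 8  # the only methods a strict APK unpacker should accept

def check_manifest(apk: bytes) -> list[str]:
    """Strictly validate the manifest's ZIP entry; return a list of findings."""
    findings = []
    # zipfile parses the central directory without validating the method field.
    info = zipfile.ZipFile(io.BytesIO(apk)).getinfo(MANIFEST)
    if info.compress_type not in (STORED, DEFLATED):
        findings.append(f"invalid compression method {info.compress_type}")
    # Entry data follows the 30-byte local header, the name and the extra field.
    name_len, extra_len = struct.unpack_from("<HH", apk, info.header_offset + 26)
    start = info.header_offset + 30 + name_len + extra_len
    raw = apk[start:start + info.compress_size]
    # Anything that is not deflate is read as-is (the "directly copied" case).
    data = zlib.decompressobj(-15).decompress(raw) if info.compress_type == DEFLATED else raw
    # Binary XML chunk header: type (u16), header size (u16), total size (u32).
    # A declared entry size above that total means trailing overlay data.
    if len(data) >= 8:
        axml_size = struct.unpack_from("<I", data, 4)[0]
        if info.file_size > axml_size:
            findings.append(f"declared size {info.file_size} exceeds manifest size {axml_size}")
    return findings

def build_sample(method: int = STORED, overlay: bytes = b"") -> bytes:
    """Constructed test archive: a stub binary-XML manifest, optionally tampered."""
    body = b"\x00" * 8                                 # stand-in for the XML chunks
    axml = struct.pack("<HHI", 3, 8, 8 + len(body)) + body
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr(MANIFEST, axml + overlay)
    apk = bytearray(buf.getvalue())
    cd = apk.find(b"PK\x01\x02")                       # central directory record
    struct.pack_into("<H", apk, 8, method)             # method in the local header
    struct.pack_into("<H", apk, cd + 10, method)       # method in the central directory
    return bytes(apk)
```

An empty list means the entry passed both checks; either finding is a reason to treat the APK as suspicious before trusting anything the manifest declares.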

SoumniBot will be invisible once your device is infected

Like many other trojans that affect Android devices, SoumniBot will hide its icon after installation, making it more difficult to remove. But it does remain active in the background, uploading data from the victim.

Kaspersky goes into more detail about this Android trojan and provides some indicators of compromise, so you can protect yourself and your device(s). Kaspersky detailed the techniques used by this trojan so that researchers around the world are aware of the tactic and can put together countermeasures to keep SoumniBot from causing more havoc.

The post Sneaky Android Malware Evades Detection – Is Your Phone Safe? appeared first on Android Headlines.
