New Android Trojan ‘SoumniBot’ Evades Detection with Stealthy Techniques.


  • Targeting South Korea: This Trojan seems to focus on South Korean users, potentially exploiting specific vulnerabilities in regional apps or user behavior.
  • Manifest Obfuscation: SoumniBot utilizes a unique method to evade detection: it obfuscates its Android manifest file, a crucial file that outlines an app’s permissions and functionality. Because this file is obscured, security software may miss red flags that would normally indicate malicious intent.
  • Data Exfiltration: Once installed, SoumniBot reaches out to a pre-programmed server to obtain instructions. It then gathers a comprehensive range of user data, including:
    • Device information (model, operating system)
    • Contact lists
    • SMS messages
    • Photos and videos
    • List of installed applications
  • Regular Data Uploads: The Trojan uploads pilfered data every 15 seconds, maximizing the information it can gather before detection.
  • Automatic Service Restart: SoumniBot sets its malicious service to restart every 16 minutes. This ensures continued data collection even if the service is interrupted.
  • Download with Caution: Only install applications from trusted sources, like the official Google Play Store. Avoid downloading apps from untrusted websites or third-party stores.
  • Scrutinize Permissions: Pay close attention to the permissions requested by an app during installation. If an app asks for access to data that seems unrelated to its function, be wary and consider not installing it.
  • Security Software: Utilize a reputable security app for your Android device. While some Trojans might slip through the cracks, security software can offer an extra layer of protection.
  • Stay Updated: Keep your Android device and apps updated with the latest security patches. These patches often address newly discovered vulnerabilities that Trojans can exploit.
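
The 15-second upload interval described above is regular enough to look for in network logs. The following is an added example, not code from the original article: it flags device/destination pairs whose upload gaps cluster around a given period. The log format, addresses, host names and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: "epoch_seconds device destination bytes_sent" (hypothetical log format).
SAMPLE_LOG = "\n".join(
    # Device .10 uploads to one host roughly every 15 s, with small jitter.
    [f"{1000 + 15 * i + (i % 3) - 1} 192.0.2.10 c2.example.invalid {4000 + 37 * i}" for i in range(12)]
    # Device .20 browses at irregular times.
    + [f"{t} 192.0.2.20 news.example.invalid 512" for t in (1003, 1009, 1090, 1100, 1171, 1290, 1301, 1420, 1421)]
    # Device .30 polls every 60 s: regular, but not the reported period.
    + [f"{1000 + 60 * i} 192.0.2.30 mail.example.invalid 300" for i in range(10)]
)


def parse(log_text):
    """Group upload timestamps by (device, destination)."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, device, dest, _bytes = parts
        flows[(device, dest)].append(float(ts))
    return flows


def find_beacons(log_text, period=15.0, tolerance=2.0, min_events=8, min_ratio=0.8):
    """Return flows whose inter-upload gaps cluster around `period` seconds."""
    hits = []
    for (device, dest), stamps in sorted(parse(log_text).items()):
        if len(stamps) < min_events:
            continue  # too few events to judge periodicity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        near = sum(1 for g in gaps if abs(g - period) <= tolerance)
        if near / len(gaps) >= min_ratio:
            hits.append({"device": device, "dest": dest, "events": len(stamps),
                         "median_gap": median(gaps)})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Only the device with the 15-second cadence is reported; the irregular and 60-second flows are ignored unless `period` is changed.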
