SoumniBot, a new banking Trojan targeting South Korean banking users, uses sophisticated obfuscation techniques that manipulate the Android manifest so that its malicious activity goes undetected. Researchers at Kaspersky discovered SoumniBot’s evasion strategies, which include modifying the compression method and the size declaration in the manifest to evade detection. The malware targets the digital certificates used for online banking: it exfiltrates them from compromised devices, which facilitates fraudulent transactions.
Relevant URL: https://www.databreachtoday.com/novel-android-malware-targets-south-korean-banking-users-a-24897
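A static triage check for the two manifest manipulations described above, written as an added example rather than code from Kaspersky or the linked article. It assumes the standard ZIP header layout, that APK entries normally use method 0 (stored) or 8 (deflate), and that a binary `AndroidManifest.xml` begins with a chunk header carrying its total size; the function names and the sample built by `build_sample` are constructed for illustration.

```python
import io
import struct
import zipfile

MANIFEST = "AndroidManifest.xml"
VALID_METHODS = {zipfile.ZIP_STORED, zipfile.ZIP_DEFLATED}  # 0 and 8

def raw_entry(apk: bytes, info: zipfile.ZipInfo) -> bytes:
    """Return the entry's bytes exactly as stored, ignoring the declared method."""
    # Local file header: 30 fixed bytes, name/extra lengths at offset 26.
    name_len, extra_len = struct.unpack_from("<HH", apk, info.header_offset + 26)
    start = info.header_offset + 30 + name_len + extra_len
    return apk[start:start + info.file_size]

def check_manifest(apk: bytes) -> list:
    """Flag a bogus compression method and a wrong declared manifest size."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        info = zf.getinfo(MANIFEST)
        if info.compress_type in VALID_METHODS:
            data = zf.read(info)
        else:
            findings.append(f"invalid compression method 0x{info.compress_type:04x}")
            data = raw_entry(apk, info)
    if len(data) < 8:
        return findings + ["manifest shorter than a binary XML header"]
    # Binary XML chunk header: type (u16), header size (u16), total size (u32).
    declared = struct.unpack_from("<HHI", data)[2]
    if declared != len(data):
        findings.append(f"declared manifest size {declared}, actual {len(data)}")
    return findings

def build_sample(tamper: bool) -> bytes:
    """Constructed test input: a ZIP with a stub manifest, not a real APK."""
    manifest = struct.pack("<HHI", 0x0003, 8, 24) + b"\x00" * 16
    manifest += b"\xaa" * 12 if tamper else b""  # bytes beyond the declared 24
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(MANIFEST, manifest)
    apk = bytearray(buf.getvalue())
    if tamper:
        cd_off = struct.unpack_from("<I", apk, len(apk) - 6)[0]  # from end record
        struct.pack_into("<H", apk, 8, 0x1234)            # local header method
        struct.pack_into("<H", apk, cd_off + 10, 0x1234)  # central directory method
    return bytes(apk)

if __name__ == "__main__":
    for label, flag in (("clean", False), ("tampered", True)):
        print(label, check_manifest(build_sample(flag)))
```

Either finding on a real APK is a reason to route the sample to deeper analysis, since tools that reject the archive outright would otherwise report nothing about it.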