SoumniBot works very insidiously. For now, it is not known how it gets onto users’ devices, but there are many indications that it may, for example, be found in applications downloaded from unauthorized stores – we read on the website.
After installation, SoumniBot hides its icon
SoumniBot uses three different manifest methods to hide itself from the operating system’s security mechanisms. A manifest is a part of every application containing information about its components, permissions, and data. SoumniBot uses, among others: incorrect compression value when unpacking the APK manifest, and the system considers the file as unpacked. This allows you to bypass security checks. After installation, it hides its icon. If it hits, for example, an Android smartphone, it can cause many problems for the user.
Insidious SoumniBot malware. That’s how it works
According to telepolis.pl, SoumniBot launches, among others: a malicious service that, if closed, restarts after several minutes and sends stolen data from the phone to an external server every 15 seconds. “This includes a list of contacts, IP addresses, SMS messages, photos, videos and even digital online banking certificates,” we read.
It’s not everything. The malware can also add and delete contacts, send SMS messages, including forwarding those that have previously “fallen” on our smartphone, as well as change the ringtone volume, or turn the phone’s silent mode and debugging mode on and off. Its “abilities” can be used to steal money from a user’s account if, for example, they forward SMS messages with authentication codes.
Source: Gazeta
Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.
