Snowblind is a new Android banking malware
that is mostly active in Southeast Asia.
Snowblind exploits a feature called ‘seccomp’,
which stands for ‘secure computing’.
Seccomp is used to check applications for signs of
tampering.
Snowblind injects a piece of code that loads before
seccomp initializes the anti-tampering
measures.
Snowblind can also disable biometric and
two-factor authentication, two security features
commonly used by banking apps to thwart
unauthorized access.