Close this search box.

New threat targeting Android users prompts warning after victim loses $280K

Cybercriminals are constantly developing new ways to exploit the system. It’s hard to fathom why they wouldn’t put their intelligence to better use. However, this post is not about praising criminals’ intelligence. It’s about a new Android malware known as FjordPhantom.

Discovered by security experts, FjordPhantom is a malware that utilizes unprecedented strategies, making it remarkably adept at evading detection.

The malware is reported to be causing chaos in Asian countries such as Indonesia, Thailand, Vietnam, Singapore, and Malaysia. One victim was defrauded of 10 million Thai Baht, which is approximately $280,000.

The attack begins with the victim receiving an email or message containing a prompt to download a legitimate banking app. However, once the app is downloaded, it runs in a virtual environment, allowing attackers to take control of the device. Virtualization provides a private execution environment for running code, allowing activities such as downloading the same app twice for use by two users sharing the same device.

The malware also employs a hooking framework to intercept various actions. Hooking is a technique used to modify the behavior of apps or operating systems.

There’s also a social engineering element to the attack: after the app is downloaded, cybercriminals call the victim, impersonating a customer service representative from the bank to assist with running the app. This step helps the attacker deceive the victim into conducting a transaction or disclosing credentials.

By downloading a legitimate app into a virtual file system and using hooking, FjordPhantom disrupts the normal handling of an app by Android to avoid detection of any suspicious activity.

Since the app is installed in a virtual container, it bypasses the Android sandbox, a security feature that isolates an app’s code and data from other apps and the system. Without sandboxing, apps can access each other’s files, inject code into each other, and eliminate the need for root access and root detection.

In summary, these tactics enable FjordPhantom to carry out attacks without detection, as users would not realize that a virtualization solution is being used. The use of the hooking framework prevents the system from alerting users about the use of screenreaders to steal sensitive information.

Experts believe that FjordPhantom will continue to evolve. To protect yourself, ensure that you only download apps from trusted sources and refrain from sharing sensitive information over the phone, even if the caller claims to be from your bank, as banks typically do not request such information over the phone.

Share on:

Leave a Reply

Looking for Repair Parts!

Check Out Our Services

Follow Us

Featured Posts

On Key

Related Posts