FjordPhantom: Android Malware
Cybersecurity firm Promon has identified a novel Android malware named FjordPhantom that employs virtualization to target applications.
- FjordPhantom is a new malware that employs virtualization to elude detection and target applications.
- It propagates through messaging services and combines app-based malware with social engineering to deceive banking customers.
- It targets users in Southeast Asia, in countries such as Malaysia, Thailand, Indonesia, Singapore, and Vietnam.
- It uses email, SMS, and messaging apps to lure users into unwittingly downloading what appears to be a legitimate banking app but contains FjordPhantom.
- Once the app is installed, the attackers, posing as customer service representatives, guide the users through the steps to run it.
- The malware uses virtualization to create a virtual container to run this app, and attackers can monitor the user’s actions and steal their credentials.
- It lets attackers access files and memory, perform debugging, and inject code into other apps.
- The malware also logs various actions performed by the targeted applications, which indicates active development and suggests that other apps may be targeted in the future.