Cybersecurity researchers have disclosed a new, sophisticated Android malware called FjordPhantom that has been observed targeting users in Southeast Asian countries such as Indonesia, Thailand, and Vietnam since early September 2023.
"Spreading primarily through messaging services, it combines app-based malware with social engineering to defraud banking customers," Oslo-based mobile app security firm Promon said in an analysis published Thursday.
Propagated mainly via email, SMS, and messaging apps, the attack chains trick recipients into downloading a purported banking app that ships with legitimate features but also incorporates rogue components.
Victims are then subjected to a social engineering technique akin to telephone-oriented attack delivery (TOAD), which involves calling a bogus call center to receive step-by-step instructions for running the app.
A key characteristic of the malware that sets it apart from other banking trojans of its kind is the use of virtualization to run malicious code in a container and fly under the radar.
The sneaky method, Promon said, breaks Android's sandbox protections because it allows different apps to run in the same sandbox, enabling the malware to access sensitive data without requiring root access.
"Virtualization solutions like the one used by the malware can also be used to inject code into an application because the virtualization solution first loads its own code (and everything else found in its app) into a new process and then loads the code of the hosted application," security researcher Benjamin Adolphi said.
In the case of FjordPhantom, the downloaded host app includes a malicious module and the virtualization element, which is then used to install and launch the embedded app of the targeted bank inside a virtual container.
In other words, the bogus app is engineered to load the bank's legitimate app in a virtual container while also employing a hooking framework within that environment to modify the behavior of key APIs, so that it can programmatically grab sensitive information from the application's screen and close dialog boxes used to warn of malicious activity on users' devices.
"FjordPhantom itself is written in a modular way to attack different banking apps," Adolphi said. "Depending on which banking app is embedded into the malware, it will perform various attacks on these apps."
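The technique described above relies on the legitimate banking app being loaded inside the host app's own process rather than from its own installation. As an added example (not Promon's code or anything from the FjordPhantom analysis), the following heuristic startup check lets an Android app compare what the framework reports about its identity with what the kernel reports; the `/data/app/` path prefix and the `HostingCheck` class and method names are assumptions, and a hooking framework running in the same container may tamper with some of these answers, so this is defense in depth, not a guarantee.

```java
import android.content.Context;
import android.content.pm.ApplicationInfo;
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/** Heuristic self-check: is this code running in its own installed
 *  process, or hosted inside another app's process by a virtualization
 *  layer? Added example; class and method names are assumptions. */
public final class HostingCheck {
    private HostingCheck() {}

    /** Returns a list of anomalies; an empty list means nothing suspicious. */
    public static List<String> findAnomalies(Context ctx, String expectedPackage) {
        List<String> findings = new ArrayList<>();
        ApplicationInfo info = ctx.getApplicationInfo();

        // 1. The package name the framework reports must be our own.
        if (!expectedPackage.equals(ctx.getPackageName())) {
            findings.add("package name mismatch: " + ctx.getPackageName());
        }
        // 2. A user-installed APK lives under /data/app/ (assumed prefix);
        //    a hosted copy is loaded from the host app's private storage.
        if (info.sourceDir == null || !info.sourceDir.startsWith("/data/app/")) {
            findings.add("unexpected APK location: " + info.sourceDir);
        }
        // 3. Our private data directory should be named after our package,
        //    not after the host's.
        if (info.dataDir == null || !info.dataDir.contains(expectedPackage)) {
            findings.add("unexpected data dir: " + info.dataDir);
        }
        // 4. The kernel's view of the process name bypasses the Java
        //    framework; Android names app processes after their package
        //    (optionally with a ":suffix" for secondary processes).
        String procName = readProcCmdline();
        if (procName != null && !procName.startsWith(expectedPackage)) {
            findings.add("process name mismatch: " + procName);
        }
        return findings;
    }

    /** Reads argv[0] of the current process; returns null on failure. */
    private static String readProcCmdline() {
        try (BufferedReader r = new BufferedReader(new FileReader("/proc/self/cmdline"))) {
            String line = r.readLine();
            return line == null ? null : line.trim().split("\0")[0];
        } catch (IOException e) {
            return null;
        }
    }
}
```

A non-empty result is a signal worth logging and reporting to the bank's fraud back end rather than a reason to hard-fail, since legitimate work-profile and multi-process configurations can also look unusual.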