Cybersecurity researchers have disclosed a new, sophisticated Android malware called FjordPhantom that has been observed targeting users in Southeast Asian countries such as Indonesia, Thailand, and Vietnam since early September 2023.
"Spreading primarily through messaging services, it combines app-based malware with social engineering to defraud banking customers," Oslo-based mobile app security firm Promon said in an analysis published Thursday.
Propagated mainly via email, SMS, and messaging apps, the attack chains trick recipients into downloading a purported banking app that ships with legitimate features but also contains rogue components.
Victims are then subjected to a social engineering technique akin to telephone-oriented attack delivery (TOAD), which involves calling a bogus call center to receive step-by-step instructions for running the app.
A key characteristic that sets the malware apart from other banking trojans of its kind is its use of virtualization to run malicious code in a container and fly under the radar.
This technique, Promon said, breaks Android's sandbox protections because it allows different apps to run inside the same sandbox, enabling the malware to access sensitive data without requiring root access. Android normally isolates each installed app under its own Linux user ID; a virtualization host instead loads the target app's code into its own process, so both end up running under the host's user ID and share its sandbox.
"Virtualization solutions like the one used by the malware can also be used to inject code into an application because the virtualization solution first loads its own code (and everything else found in its app) into a new process and then loads the code of the hosted application," security researcher Benjamin Adolphi said.
In the case of FjordPhantom, the downloaded host app includes a malicious module and the virtualization element, which is then used to install and launch the embedded app of the targeted bank in a virtual container.
In other words, the bogus app is engineered to load the bank's legitimate app in a virtual container while also employing a hooking framework within that environment to alter the behavior of key APIs, allowing it to programmatically capture sensitive information from the application's screen and to close dialog boxes that would warn of malicious activity on users' devices.
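Because the hosted banking app is loaded into the host's process rather than installed by the package manager, the environment it sees differs from a normal install in ways the app itself can check. The following Android (Java) class is an added illustration of such startup self-checks; it is not Promon's code, not FjordPhantom's, and not taken from any banking app. It assumes the usual layout of an installed app (APK under /data/app/, private data under a directory named after the package) and treats a mismatch between the process's Linux UID and the package's assigned UID, or a second package's base.apk mapped into the same process, as signs of an app-in-app container. The class name and method names are hypothetical.

```java
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.os.Process;

import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * Heuristic startup checks for detecting that this app was loaded into a
 * virtualization container (an "app-in-app" host) instead of being started
 * by the Android package manager. Illustrative code, not a vendor's product.
 *
 * Assumptions (hypothetical but matching stock Android layout):
 *  - an installed app's APK lives under /data/app/...;
 *  - its private files live under a directory that contains its package name;
 *  - its process runs as the UID assigned to the package at install time.
 */
public final class VirtualizationCheck {

    private VirtualizationCheck() {}

    /** Returns human-readable findings; an empty list means nothing looked suspicious. */
    public static List<String> run(Context ctx) {
        List<String> findings = new ArrayList<>();
        String pkg = ctx.getPackageName();
        ApplicationInfo info = ctx.getApplicationInfo();

        // 1. Installed code is under /data/app/; a virtualized copy is usually
        //    loaded from inside the host app's own private storage.
        if (info.sourceDir == null || !info.sourceDir.startsWith("/data/app/")) {
            findings.add("sourceDir outside /data/app: " + info.sourceDir);
        }

        // 2. The private data directory should belong to this package, not the host's.
        String dataDir = ctx.getFilesDir().getAbsolutePath();
        if (!dataDir.contains("/" + pkg + "/")) {
            findings.add("data dir does not belong to " + pkg + ": " + dataDir);
        }

        // 3. Two apps sharing one sandbox means one process and one UID. If the
        //    UID we actually run as differs from the UID the package was assigned,
        //    we are executing inside another app's process.
        if (Process.myUid() != info.uid) {
            findings.add("process uid " + Process.myUid() + " != package uid " + info.uid);
        }

        // 4. /proc/self/maps is produced by the kernel, so a Java-level hooking
        //    framework cannot rewrite it by patching framework APIs. More than one
        //    distinct package's base.apk mapped into this process means a second
        //    app's code was loaded alongside ours, as the article describes.
        Set<String> foreign = mappedApkPackages("/proc/self/maps");
        foreign.remove(pkg);
        if (!foreign.isEmpty()) {
            findings.add("foreign APKs mapped into process: " + foreign);
        }
        return findings;
    }

    /** Collects the package names of every base.apk under /data/app/ mapped into the process. */
    static Set<String> mappedApkPackages(String mapsPath) {
        Set<String> pkgs = new HashSet<>();
        try (BufferedReader r = new BufferedReader(new FileReader(mapsPath))) {
            String line;
            while ((line = r.readLine()) != null) {
                // A maps line ends with the backing file, e.g.
                // "... /data/app/~~abc==/com.example.bank-xyz==/base.apk"
                int idx = line.indexOf("/data/app/");
                if (idx < 0 || !line.endsWith("/base.apk")) continue;
                String[] parts = line.substring(idx).split("/");
                // The directory holding base.apk is "<package>-<random>"; package
                // names cannot contain '-', so cut at the first dash.
                String dir = parts[parts.length - 2];
                int dash = dir.indexOf('-');
                pkgs.add(dash > 0 ? dir.substring(0, dash) : dir);
            }
        } catch (IOException ignored) {
            // An unreadable maps file is itself unusual; rely on the other checks.
        }
        return pkgs;
    }
}
```

Call `VirtualizationCheck.run(getApplicationContext())` from `Application.onCreate()` and refuse to show login or transaction screens when the list is non-empty. These are heuristics, not a guarantee: the same hooking framework the article describes can patch Java-level APIs such as `getApplicationInfo()`, and a host with native hooks can tamper with file reads too, so the checks are best combined with server-side risk signals rather than trusted on their own.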
When reached for comment, a Google spokesperson told The Hacker News that "users are protected by Google Play Protect, which can warn users or block apps known to exhibit malicious behavior on Android devices with Google Play Services, even when those apps come from sources outside of Google Play."
"FjordPhantom itself is written in a modular way to attack different banking apps," Adolphi said. "Depending on which banking app is embedded into the malware, it will perform various attacks on these apps."