Promon Discovers New Android Malware FJordPhantom
Promon, a leading cyber security company, has recently identified a new malicious Android malware called FJordPhantom. This advanced virus employs unique tactics of virtualization to evade detection by initiating the malicious code in a special container.
The core technique of the FJordPhantom attack involves luring victims into downloading counterfeit banking applications that imitate genuine ones. These applications, however, harbour malicious code that operates within a virtual environment and disrupts the functioning of legitimate banking apps. The primary objective of the malware is to steal online banking credentials and manipulate transactions.
FJordPhantom is disseminated through various channels such as email, SMS, and messaging platforms. Incidents of this malware have been recorded in Southeast Asian countries including Indonesia, Thailand, Vietnam, Singapore, and Malaysia. Notably, one victim fell prey to FJordPhantom and suffered a loss of $280,000, made possible by a combination of the malware’s stealthy nature and social engineering tactics in the form of calls from “Bank Customer Support Service”.
What sets FJordPhantom apart is its utilization of virtualization to create a hidden container within the victim’s device, unbeknownst to the user. Within this container, the malicious code operates alongside the genuine banking app, allowing it to manipulate data and intercept confidential information.
An alarming aspect of FJordPhantom is that it bypasses Android’s sandbox security concept, designed to prevent application interactions. Consequently, traditional methods of detecting harmful programs prove ineffective as the malware does not alter the banking app’s code.
FJordPhantom also has the ability to block functions associated with Google Play Services, making it even more difficult to detect during routine security inspections. Furthermore, the malware can intercept journaling data, which suggests ongoing development and enhancement for targeted attacks on other applications. Promon has issued a warning that as FJordPhantom continues to evolve, its reach and scope of damage may expand to include new countries and targets