Android users warned about new threat after one victim loses $280K

admin1 December 2023

Cybercriminals are constantly inventing new ways to game the system. We wonder: if they are so smart, why haven’t they done anything better with their lives? Of course, this article is not intended to tout the intelligence of online criminals. It is about a new Android malware called FjordPhantom.
Discovered by the security company Promon, FjordPhantom is malware that uses never-before-seen strategies. What makes it scary is that it’s very good at avoiding detection.

The malware is believed to be wreaking havoc in Asian countries: Indonesia, Thailand, Vietnam, Singapore and Malaysia. One victim was scammed out of 10 million Thai baht, or approximately $280,000.

The attack is launched by sending an email or message to a victim with an invitation to download a legitimate banking application. The problem is that once the application is downloaded, it is run in a virtual environment to allow attackers to control what happens. Virtualization provides a private execution environment for running code and helps you do things like downloading the same app twice so that it can be used by two users sharing the same device.

The malware also uses a hooking framework to intercept various actions. Hooking is a technique used to modify the behavior of applications or operating systems.

The attack also has a social element: after the victim downloads the application, the cybercriminals call them, posing as a bank customer service representative, to help them get the application working. This step can help the attacker trick the victim into making a transaction or revealing their credentials.

By loading a legitimate application into a virtual file system and using hooking, FjordPhantom disrupts the way Android normally handles an application and reports questionable behavior.

Since the app is installed in a virtual container, it breaks the Android sandbox, which is a security feature that isolates an app’s code and data from other apps and the system. With the sandbox in place, a malicious application cannot manipulate other applications or the main system.

Without sandboxing, applications can access each other’s files and inject code into each other. This also eliminates the need for root access and sidesteps root detection.

In short, these tactics allow FjordPhantom to carry out attacks without being detected because a user would never know that they are using a virtualization solution. Using the hooking framework, it prevents the system from alerting users about the use of screen readers to steal sensitive information.

Promon believes FjordPhantom will continue to evolve. To protect yourself, be sure to only download apps from trusted sources and avoid disclosing sensitive information over the phone, even if the person on the other end claims to be from your bank, as banks typically never ask their customers for such information in a phone call.