Android users warned about new threat after one victim loses $280K
The malware is believed to be wreaking havoc in the Asian countries of Indonesia, Thailand, Vietnam, Singapore and Malaysia. One victim was scammed out of 10 million Thai baht, or approximately $280,000.
![Android users warned of new threat after victim lost $280,000](https://wikidollar.net/wp-content/uploads/2023/12/Android-users-warned-about-new-threat-after-one-victim-loses.jpg)
The attack begins with an email or message inviting the victim to download a legitimate banking application. The problem is that once the application is downloaded, it runs in a virtual environment that lets the attackers control what happens. Virtualization provides a private execution environment for running code and makes it possible to do things like install the same app twice, so that two users sharing the same device can each use it.
The attack also has a social element: after the application is downloaded, cybercriminals call the victim, posing as a bank customer service representative, to help them get the application working. This step can help the attacker trick the victim into making a transaction or revealing their credentials.
By loading a legitimate application into a virtual file system and using hooking, FjordPhantom disrupts the way Android normally handles an application and reports questionable behavior.
Since the app is installed in a virtual container, it breaks the Android sandbox, which is a security feature that isolates an app’s code and data from other apps and the system. With the sandbox in place, a malicious application cannot manipulate other applications or the main system.
Without sandboxing, applications can access each other’s files and inject code into each other. This also eliminates the need for root access and prevents root detection.
Promon believes FjordPhantom will continue to evolve. To protect yourself, be sure to only download apps from trusted sources and avoid disclosing sensitive information over the phone, even if the person on the other end claims to be from your bank, as banks typically never ask their customers for such information over a phone call.