FjordPhantom, Android malware exploits virtualization techniques

Through the tireless work of security experts, it has been possible to identify and analyze FjordPhantom, a particularly elusive piece of Android malware.

The malicious agent, first reported in early September in Southeast Asia, remained almost a “ghost” for several weeks, as not even experts could outline its salient characteristics.

Everything changed when the research team at Promon managed to get hold of a sample of the malware. This allowed an in-depth analysis of FjordPhantom, which revealed a disturbing scenario, to say the least.

The malware, mainly active in countries such as Indonesia, Thailand and Vietnam, uses a combination of social engineering techniques to spread and proliferate. The targets chosen by the cybercriminals are banking customers, who apparently receive an SMS or e-mail promoting a (seemingly legitimate) app from their bank.

The FjordPhantom malware combines social engineering and virtualization techniques

After downloading and running the app, the victim is directed to a bogus call center, through which sensitive data is stolen. Another unique feature of FjordPhantom is its use of virtualization.

By running applications on the victim's device in virtual contexts, the malware evades the Android system sandbox. In this way, it defeats the detection measures typical of contemporary smartphones. With a few simple moves, therefore, the cybercriminals running the operation manage to take total control of the device.

Given its rapid expansion, this malware could soon reach the West as well. Promon, in this regard, underlined how important it is to download apps only from reliable sources, avoiding anything other than the main app stores. As with much other malware in circulation, in this case too an excellent antivirus can make a difference.

