Android banking app users need to be wary of new malware

A report published on November 30 by cybersecurity company Promon showed that the FjordPhantom malware started attacking users since early September 2023 and the countries targeted by this malware include Vietnam, Malaysia, Thailand, Indonesia and Singapore. So far, the FjordPhantom malware has defrauded and appropriated about $280,000 from victims.

This new Android malware uses virtualization technology to target users' banking apps, a technique that cybersecurity researchers say has never been seen in any malware before. FjordPhantom spreads via messaging services and combines app-based malware with social engineering to trick customers into using banking apps.

Digging deeper, cybersecurity experts found that the malware was distributed primarily via email, SMS messages, and messaging apps. Users were tricked into downloading a legitimate banking app that contained the FjordPhantom malware.

Once the app is installed, the attackers, posing as customer service representatives, guide the user through the steps to run the app. The malware uses virtualization techniques to create a virtual container to run the app, and the attackers can monitor the user's actions and steal their credentials.

The FjordPhantom malware uses virtualization solutions to bypass the strict protections of the Android operating system, allowing different applications to operate within that heavily protected environment.

This allows attackers to gain access to files and memory, perform debugging, and inject code into other applications. This approach involves virtualization solutions loading their own code into a new process before loading the code of the hosted application. As a result, the malware can evade traditional methods of code injection detection because it does not modify the original application.

The FjordPhantom malware leverages a hooking framework to evade detection by Google's SafetyNet protection system, detect screen readers, and suppress dialogs that alert users to ongoing malicious activity on the system. Additionally, the malware logs various actions performed by targeted applications, indicating active development and hinting at the possibility of targeting other applications in the future.

Security researchers say FjordPhantom is a sophisticated Android malware used to carry out real-world fraud.

Here are five solutions for Android users to protect themselves from malware, especially malware targeting banking apps:

1. Only download apps from trusted sources:The safest way to download apps for your Android device is to download them from the official Google Play Store. Apps in the Play Store have been reviewed by Google and are less likely to be malicious. If you need to download an app from a third-party source, be sure to do your research and only download apps from reputable sites.

2. Be careful about the permissions users grant to apps:When a user installs an app, it will ask the user to grant it access to certain data or features on the device. Only grant the app the permissions it needs to function. For example, if a user is installing a banking app, the app will need access to the user's contacts and call history. However, there is no reason for it to need access to the user's photos or location.

3. Always keep your device updated:Google regularly releases updates to Android to fix security vulnerabilities. Be sure to install these updates as soon as they are available. Users can enable automatic updates in their device settings.

4. Install mobile security app:Mobile security apps can help protect a user's device from malware by scanning apps and files for threats. They can also block malicious websites and phishing attempts. There are many different mobile security apps available, so do some research to find the right one.

5. Be careful what we click on:Be careful when clicking on links in emails or text messages, even if they appear to be from someone you know. These links can take users to malicious websites that can install malware on their devices.