Android banking app users need to be wary of new malware
(Baonghean.vn) - Cybersecurity researchers at Promon Cybersecurity Company (Norway) have discovered a new sophisticated Android malware named FjordPhantom, which is targeting banking app users in Southeast Asian countries.
A report published on November 30 by Cybersecurity Company Promon showed that the FjordPhantom malware has been attacking users since early September 2023, and that the countries it targets include Vietnam, Malaysia, Thailand, Indonesia and Singapore. So far, the FjordPhantom malware has been used to defraud victims of about 280,000 USD.

This new Android malware uses virtualization technology to target users' banking apps, a technique that cybersecurity researchers say has never been seen in any malware before. FjordPhantom spreads through messaging services and combines app-based malware with social engineering to trick customers using banking apps.
Further investigation revealed that the malware was being distributed mainly via email, SMS messages and messaging apps. Users were tricked into downloading a legitimate banking app that contained the FjordPhantom malware.
Once the app is installed, the attackers, posing as customer service representatives, guide the user through the steps to run the app. The malware uses virtualization techniques to create a virtual container to run the app, and the attackers can monitor the user's actions and steal their credentials.
The FjordPhantom malware uses virtualization solutions to bypass the strict protection barriers of the Android operating system, allowing different applications to run together inside the same heavily protected environment.
This allows attackers to access the files and memory of other applications, debug them, and inject code into them. The approach relies on the virtualization solution loading its own code into a new process before loading the code of the hosted application. As a result, the malware can evade traditional methods of code injection detection because it does not modify the original application.
The FjordPhantom malware leverages a hooking framework, which lets it read, write, or execute arbitrary code in a program, to evade detection by Google's SafetyNet protection system, detect screen readers, and suppress dialogs that alert users to ongoing malicious activity on the system. Additionally, the malware logs various actions performed by targeted apps, indicating active development and hinting at the possibility of targeting other apps in the future.
Security researchers say FjordPhantom is a sophisticated Android malware used to carry out real-world fraud.
Here are five solutions for Android users to protect themselves from malware, especially malware targeting banking apps:
1. Only download apps from trusted sources: The safest way to download apps for your Android device is from the official Google Play Store. Apps in the Play Store have been vetted by Google and are less likely to be malicious. If you need to download apps from a third-party source, be sure to do your research and only download apps from reputable sites.
2. Be careful about the permissions you grant to apps: When a user installs an app, it will ask the user to grant it access to certain data or features on the device. Only grant the app the permissions it needs to function. For example, if the user is installing a banking app, the app will need access to the user's contacts and call history. However, there is no reason for it to need access to the user's photos or location.
3. Always keep your device updated: Google regularly releases updates for Android to fix security vulnerabilities. Make sure to install these updates as soon as they become available. Users can enable automatic updates in their device settings.
4. Install a mobile security application: Mobile security apps can help protect a user's device from malware by scanning apps and files for threats. They can also block malicious websites and phishing attempts. There are many different mobile security apps available, so do some research to find the right one.
5. Be careful what you click on: Be careful when clicking on links in emails or text messages, even if they appear to be from someone you know. These links can take users to malicious websites that can install malware on their devices.