What is FjordPhantom?

Cybersecurity firm Promon has identified a novel Android malware named FjordPhantom that employs virtualization to target applications.

About FjordPhantom

  • It is a new malware that employs virtualization to elude detection and target applications.
  • It propagates through messaging services and combines app-based malware with social engineering to deceive banking customers.
  • It strategically zeroes in on users within Southeast Asia, encompassing countries such as Malaysia, Thailand, Indonesia, Singapore, and Vietnam.
  • How it works:
    • It utilizes email, SMS, and messaging apps to entice users into unwittingly downloading what appears to be a legitimate banking app, which contains FjordPhantom.
    • Once the app is installed, the attackers, posing as customer service representatives, guide the user through the steps to run it.
    • The malware uses virtualization to create a virtual container to run this app, and attackers can monitor the user’s actions and steal their credentials.
    • It enables attackers to gain access to files and memory, perform debugging, and inject code into other apps.
    • Additionally, the malware logs various actions performed by the targeted applications, signifying active development and suggesting potential targeting of other apps in the future.

Q1) What is Malware?

Malware, or malicious software, is any program or file that is intentionally harmful to a computer, network or server. Types of malware include computer viruses, worms, Trojan horses, ransomware and spyware. These malicious programs steal, encrypt and delete sensitive data, alter or hijack core computing functions, and monitor end users' computer activity.

