Mobile security experts at Promon have discovered a new malware, named "FjordPhantom," that exploits Android virtualization for evasion. In Android, applications can operate in isolated environments for various purposes, such as allowing users to run the same app with multiple accounts.
While the "sandbox" concept in Android aims to enhance security, FjordPhantom takes advantage of this framework. According to the Promon report, FjordPhantom disguises itself as a legitimate banking mobile application. The initial deception occurs because the app itself remains unaltered; instead, FjordPhantom installs the intended app for the user, but with malicious code wrapped around it. When executed within a virtual container, the malicious code utilizes API hooking to intercept credentials and sensitive information.
The malware is reportedly spreading through messaging applications, email, and SMS across Indonesia, Thailand, Vietnam, Singapore, and Malaysia.