i-Sprint Uncovers Sneaky Android Banking Malware, FjordPhantom
New Malware Threat Detected
![art](https://www.i-sprint.com/wp-content/uploads/2024/02/art.png)
![art](https://www.i-sprint.com/wp-content/uploads/2024/02/art.png)
![art](https://www.i-sprint.com/wp-content/uploads/2024/02/art.png)
Promon and i-Sprint recently uncovered a new Android malware spreading across Southeast Asia. Out of the 113 banking apps tested, an alarming 80.5% cannot protect against FjordPhantom.
How Does It Work?
![fjordphantom art (2)](https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-2.png)
![fjordphantom art (2)](https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-2.png)
![fjordphantom art (2)](https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-2.png)
![number (1)](https://www.i-sprint.com/wp-content/uploads/2024/02/number-1.png)
![number (1)](https://www.i-sprint.com/wp-content/uploads/2024/02/number-1.png)
![number (1)](https://www.i-sprint.com/wp-content/uploads/2024/02/number-1.png)
Distribution
- FjordPhantom targets banking customers with deceptive app downloads, using sophisticated social engineering tactics.
- Primarily spreads through email, SMS, and messaging apps
![fjordphantom art (3)](https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-3.png)
![fjordphantom art (3)](https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-3.png)
![fjordphantom art (3)](https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-3.png)
![number (2)](https://www.i-sprint.com/wp-content/uploads/2024/02/number-2.png)
![number (2)](https://www.i-sprint.com/wp-content/uploads/2024/02/number-2.png)
![number (2)](https://www.i-sprint.com/wp-content/uploads/2024/02/number-2.png)
Virtualization
- FjordPhantom employs an unprecedented virtualization technique, eluding user detection and security measures.
- This allows the malware to utilize its hooking framework, enabling multiple apps to operate within the same sandbox
![fjordphantom art (4)](https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-4.png)
![fjordphantom art (4)](https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-4.png)
![fjordphantom art (4)](https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-4.png)
![number (3)](https://www.i-sprint.com/wp-content/uploads/2024/02/number-3.png)
![number (3)](https://www.i-sprint.com/wp-content/uploads/2024/02/number-3.png)
![number (3)](https://www.i-sprint.com/wp-content/uploads/2024/02/number-3.png)
Hooking
- Code Injection: FjordPhantom injects malicious code into banking apps, manipulating Accessibility and GooglePlayServices APIs for detection evasion.
- UI Manipulation: The malware hooks into UI functionality, automatically closing dialog boxes to avoid raising suspicion.
- Stealthy Logging: FjordPhantom strategically places hooks to log target app actions without altering their visible behavior.
![5](https://www.i-sprint.com/wp-content/uploads/2024/01/5.png)
![5](https://www.i-sprint.com/wp-content/uploads/2024/01/5.png)
![5](https://www.i-sprint.com/wp-content/uploads/2024/01/5.png)
![number (4)](https://www.i-sprint.com/wp-content/uploads/2024/02/number-4.png)
![number (4)](https://www.i-sprint.com/wp-content/uploads/2024/02/number-4.png)
![number (4)](https://www.i-sprint.com/wp-content/uploads/2024/02/number-4.png)
Attack
- Orchestrates a comprehensive attack for stealing sensitive information and manipulating user interactions within the app.
- Exploits the virtualized environment to execute real-world fraud, evading conventional security measures
The good news? We’re ahead of the curve.
Our latest release of AppProtect+ includes a powerful solution to detect and neutralize FjordPhantom.
Find Out If Your Company App Holds Up Against Fjordphantom:
Understanding Snowblind: The Emerging seccomp-based Attack
Snowblind is a sophisticated security threat that leverages the Linux kernel feature, seccomp, to compromise mobile applications.
2024 Cybersecurity Excellence Awards
i-Sprint has won multiple awards at the 2024 Cybersecurity Excellence Awards