This sneaky new Android malware can hide in plain sight - and it's all thanks to virtualization

News
By Sead Fadilpašić
published

Malware running in a sandbox escapes all security checks

Trojan
(Image credit: Iaremenko Sergii / Shutterstock)

A sneaky new Android malware has been discovered using virtualization to avoid detection and making serious money for its operators.

FjordPhantom looks to steal money from people’s bank accounts. The malware was discovered by cybersecurity researchers Promon, who say it mostly targets users in Indonesia, Thailand, Vietnam, Singapore, and Malaysia. 

FjordPhantom spreads via phishing emails, SMS messages, and chat apps. 

Reader Offer: $50 Amazon gift card with demo

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?

Beating the Android Sandbox

The threat actors would impersonate a popular bank in the region and reach out to the victims in an attempt to get them to download an app. However, together with the legitimate app, the victims would get malicious code running in a virtual environment, allowing the operators to attack the real banking app.

The threat actors leveraged open-source projects to create virtual containers on the target endpoint, without the user’s knowledge or consent. When the user launches the downloaded APK, it runs the actual banking app in the same container with the malicious code, making malware part of the trusted process.

This is dangerous not only because victims might lose their data and money, but also because it breaks the “Android Sandbox” security concept, whose premise is that apps can’t access each other’s data.

Furthermore, as the banking app isn’t modified, code tampering detection doesn’t work, either. The malware is also capable of hampering root-related security checks, as well, the researchers said.

When it comes to the malware’s capabilities, it can perform on-device fraud and steal banking credentials. Promon says that one victim was able to lose $280,000, thanks to a mix of malware and social engineering (the threat actors impersonated the bank’s customer support).

The best way to protect against such threats is to use common sense and only download apps from trusted sources. Also, before downloading an app, make sure to check the number of downloads and reviews, as these could be good indicators of malware.

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.