What is FjordPhantom?

Dec. 4, 2023

Cybersecurity firm Promon has identified a novel Android malware named FjordPhantom that employs virtualization to target applications.

About FjordPhantom:

  • It is a new malware that employs virtualization to elude detection and target applications.
  • It propagates through messaging services and combines app-based malware with social engineering to deceive banking customers.
  • It targets users in Southeast Asia, in countries such as Malaysia, Thailand, Indonesia, Singapore, and Vietnam.
  • How it works:
    • It uses email, SMS, and messaging apps to entice users into unwittingly downloading what appears to be a legitimate banking app but contains FjordPhantom.
    • Once this app is installed, the attackers, posing as customer service representatives, guide the users through the steps to run the app.
    • The malware uses virtualization to create a virtual container to run this app, which lets attackers monitor the user’s actions and steal their credentials.
    • It lets attackers gain access to files and memory, conduct debugging, and inject code into other apps.
    • Additionally, the malware logs various actions performed by the targeted applications, which indicates active development and suggests that other apps may be targeted in the future.