This sneaky new Android malware can hide in plain sight - and it’s all thanks to virtualization

Malware running in a sandbox escapes all security checks

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A sneaky new Android malware has been discovered using virtualization to avoid detection and making serious money for its operators.

FjordPhantom looks to steal money from people’s bank accounts. The malware was discovered by cybersecurity researchers Promon, who say it mostly targets users in Indonesia, Thailand, Vietnam, Singapore, and Malaysia.

FjordPhantom spreads via phishing emails, SMS messages, and chat apps.

Reader Offer: $50 Amazon gift card with demoPerimeter 81’s Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?)

Beating the Android Sandbox

The threat actors would impersonate a popular bank in the region and reach out to the victims in an attempt to get them to download an app. However, together with the legitimate app, the victims would get malicious code running in a virtual environment, allowing the operators to attack the real banking app.

The threat actors leveraged open-source projects to create virtual containers on the target endpoint, without the user’s knowledge or consent. When the user launches the downloaded APK, it runs the actual banking app in the same container with the malicious code, making malware part of the trusted process.

This is dangerous not only because victims might lose their data and money, but also because it breaks the “Android Sandbox” security concept, whose premise is that apps can’t access each other’s data.

Furthermore, as the banking app isn’t modified, code tampering detection doesn’t work, either. The malware is also capable of hampering root-related security checks, as well, the researchers said.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

When it comes to the malware’s capabilities, it can perform on-device fraud and steal banking credentials. Promon says that one victim was able to lose $280,000, thanks to a mix of malware and social engineering (the threat actors impersonated the bank’s customer support).

The best way to protect against such threats is to use common sense and only download apps from trusted sources. Also, before downloading an app, make sure to check the number of downloads and reviews, as these could be good indicators of malware.

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

How to turn off Meta AI