This sneaky new Android malware can hide in plain sight - and it's all thanks to virtualization

(Image credit: Iaremenko Sergii / Shutterstock)

A sneaky new Android malware has been discovered using virtualization to avoid detection and making serious money for its operators.

FjordPhantom looks to steal money from people’s bank accounts. The malware was discovered by cybersecurity researchers Promon, who say it mostly targets users in Indonesia, Thailand, Vietnam, Singapore, and Malaysia.

FjordPhantom spreads via phishing emails, SMS messages, and chat apps.

Beating the Android Sandbox

The threat actors would impersonate a popular bank in the region and reach out to the victims in an attempt to get them to download an app. However, together with the legitimate app, the victims would get malicious code running in a virtual environment, allowing the operators to attack the real banking app.

The threat actors leveraged open-source projects to create virtual containers on the target endpoint, without the user’s knowledge or consent. When the user launches the downloaded APK, it runs the actual banking app in the same container with the malicious code, making malware part of the trusted process.

This is dangerous not only because victims might lose their data and money, but also because it breaks the “Android Sandbox” security concept, whose premise is that apps can’t access each other’s data.

Furthermore, as the banking app isn’t modified, code tampering detection doesn’t work, either. The malware is also capable of hampering root-related security checks, as well, the researchers said.

When it comes to the malware’s capabilities, it can perform on-device fraud and steal banking credentials. Promon says that one victim was able to lose $280,000, thanks to a mix of malware and social engineering (the threat actors impersonated the bank’s customer support).

The best way to protect against such threats is to use common sense and only download apps from trusted sources. Also, before downloading an app, make sure to check the number of downloads and reviews, as these could be good indicators of malware.

Via BleepingComputer

More from TechRadar Pro

These Android apps are nothing but adware, but have been installed over 2 million times already - so uninstall now
Here's a list of the best firewalls around today
These are the best malware removal tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.