Novel Android banking trojan uses mobile virtualization technique

Mobile banking users in Indonesia, Vietnam, and Thailand have been targeted in attacks deploying the novel FjordPhantom Android banking trojan, The Hacker News reports. Intrusions involved the utilization of email and messaging apps to lure targets into downloading a fraudulent banking app before proceeding with telephone-oriented attack delivery social engineering attacks to enable the execution of the malware, according to a Promon report. Researchers noted that the malicious module and virtualization element within the fake app allow the installation and deployment of the targeted bank's app in a virtual container. Key APIs could then be altered to facilitate the exfiltration of information from the app screen while closing dialog boxes warning of malicious app activity. "FjordPhantom itself is written in a modular way to attack different banking apps. Depending on which banking app is embedded into the malware, it will perform various attacks on these apps," said Promon researcher Benjamin Adolphi.