i-Sprint Uncovers Sneaky Android Banking Malware, FjordPhantom
New Malware Threat Detected

<img decoding="async" width="321" height="440" title="art" src="https://www.i-sprint.com/wp-content/uploads/2024/02/art.png" alt class="img-responsive wp-image-85769" srcset="https://www.i-sprint.com/wp-content/uploads/2024/02/art-200x274.png 200w, https://www.i-sprint.com/wp-content/uploads/2024/02/art.png 321w" sizes="(max-width: 800px) 100vw, 321px" />

art

Promon and i-Sprint recently uncovered a new Android malware spreading across Southeast Asia. Out of the 113 banking apps tested, an alarming 80.5% cannot protect against FjordPhantom.

How Does It Work?

<img decoding="async" width="321" height="581" title="fjordphantom art (2)" src="https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-2.png" class="img-responsive wp-image-85770 img-with-aspect-ratio" alt srcset="https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-2-200x362.png 200w, https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-2.png 321w" sizes="(max-width: 1024px) 100vw, (max-width: 640px) 100vw, 321px" />

fjordphantom art (2)

<img decoding="async" width="56" height="56" title="number (1)" src="https://www.i-sprint.com/wp-content/uploads/2024/02/number-1.png" alt class="img-responsive wp-image-85771"/>

Distribution

FjordPhantom targets banking customers with deceptive app downloads, using sophisticated social engineering tactics.
Primarily spreads through email, SMS, and messaging apps

<img decoding="async" width="321" height="581" title="fjordphantom art (3)" src="https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-3.png" class="img-responsive wp-image-85776 img-with-aspect-ratio" alt srcset="https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-3-200x362.png 200w, https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-3.png 321w" sizes="(max-width: 1024px) 100vw, (max-width: 640px) 100vw, 321px" />

fjordphantom art (3)

<img decoding="async" width="56" height="56" title="number (2)" src="https://www.i-sprint.com/wp-content/uploads/2024/02/number-2.png" alt class="img-responsive wp-image-85777"/>

Virtualization

FjordPhantom employs an unprecedented virtualization technique, eluding user detection and security measures.
This allows the malware to utilize its hooking framework, enabling multiple apps to operate within the same sandbox

<img decoding="async" width="321" height="581" title="fjordphantom art (4)" src="https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-4.png" class="img-responsive wp-image-85778 img-with-aspect-ratio" alt srcset="https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-4-200x362.png 200w, https://www.i-sprint.com/wp-content/uploads/2024/02/fjordphantom-art-4.png 321w" sizes="(max-width: 1024px) 100vw, (max-width: 640px) 100vw, 321px" />

fjordphantom art (4)

<img decoding="async" width="56" height="56" title="number (3)" src="https://www.i-sprint.com/wp-content/uploads/2024/02/number-3.png" alt class="img-responsive wp-image-85779"/>

Hooking

Code Injection: FjordPhantom injects malicious code into banking apps, manipulating Accessibility and GooglePlayServices APIs for detection evasion.
UI Manipulation: The malware hooks into UI functionality, automatically closing dialog boxes to avoid raising suspicion.
Stealthy Logging: FjordPhantom strategically places hooks to log target app actions without altering their visible behavior.

<img decoding="async" width="321" height="581" title="5" src="https://www.i-sprint.com/wp-content/uploads/2024/01/5.png" class="img-responsive wp-image-85678 img-with-aspect-ratio" alt srcset="https://www.i-sprint.com/wp-content/uploads/2024/01/5-200x362.png 200w, https://www.i-sprint.com/wp-content/uploads/2024/01/5.png 321w" sizes="(max-width: 1024px) 100vw, (max-width: 640px) 100vw, 321px" />

<img decoding="async" width="56" height="56" title="number (4)" src="https://www.i-sprint.com/wp-content/uploads/2024/02/number-4.png" alt class="img-responsive wp-image-85780"/>

Attack

Orchestrates a comprehensive attack for stealing sensitive information and manipulating user interactions within the app.
Exploits the virtualized environment to execute real-world fraud, evading conventional security measures

The good news? We’re ahead of the curve.

Our latest release of AppProtect+ includes a powerful solution to detect and neutralize FjordPhantom.

Find Out If Your Company App Holds Up Against Fjordphantom:

TALK TO A SPECIALIST

1
Name
Email
Designation
Company
Phone
Country
Tell us about your project
0 /
idmkmdigid
Previous
Next
FormCraft - WordPress form builder

3 Reasons Why Your Payment App Needs EMVCo SBMP Certification

i-Sprint Marketing2024-04-17T16:36:32+08:00April 17th, 2024|

3 Reasons Why Your Payment App Needs EMVCo SBMP Certification With mobile payment technologies advancing rapidly, so do the capabilities of attackers. To ensure robust security measures, the EMVCo SBMP certification stands as [...]

i-Sprint Uncovers Sneaky Android Banking Malware, FjordPhantom

Ashley lam2024-02-09T09:52:16+08:00February 8th, 2024|

Promon and i-Sprint recently uncovered a new Android malware spreading across Southeast Asia. Out of the 113 banking apps tested, an alarming 80.5% cannot protect against FjordPhantom.

Ashley lam2024-02-09T09:52:16+08:00