top of page
Admin

BOLO Android Banking Apps — New Malware Evades Detection

Published: February 01, 2024 on our newsletter Security Fraud News & Alerts Newsletter.



A new malware targeting Android banking apps is making its way around the globe, and the U.S. may be in its path. Called FjordPhantom, this tricky malware is infecting banking apps with help from sophisticated tricks for flying under the radar. This banking trojan's clever mix of phishing emails combined with social engineering TOAD attacks helps this malware get what it's after...your banking credentials and your money. Don’t know what a TOAD attack is. Well, in short, it’s not the amphibious kind. We’ll get to it shortly.


FjordPhantom is actively attacking banking app users in Thailand, Indonesia, Malaysia, Singapore, and other Southeast Asian countries, with one victim losing $280,000. Experts see signs of FjordPhantom actively developing and growing far beyond its current geo-locations.


Bank Fraud On-The-Go


Promon analysts first discovered FjordPhantom malware spreading through emails, messaging apps, and SMS text messaging. That's when socially engineered telephone-oriented-attack delivery (TOAD) strikes, often in the form of calls from a bogus bank customer service line. Step-by-step, a victim is swayed into downloading a banking app with authentic features that unknowingly include FjordPhantom's malware.


Android banking apps are vulnerable to FjordPhantom because the malware is written in a modular way. Depending on what banking app gets caught up in the malware, the apps get attacked. In the end, FjordPhantom hijacks PII, steals credentials, and controls banking transactions.



Undetected Ways


In some cases, FjordPhantom keeps victims in the dark by closing screen warning messages about the intrusion. Since the malware doesn't alter the banking app, code tampering doesn't get detected. Although Google says their Play Protect works to scan and identify malicious apps before they're installed, this malware gets around on a device by making Google Play Services look unavailable.


In the widening world of Android banking malware, FjordPhantom is making a name by hiding itself, so BOLO! Here is how you can avoid it:


  • Don’t sideload apps. These usually don’t get tested for security issues as thoroughly as the ones in the official app stores or may not get scanned for them at all.

  • Keep your devices up to date with current antimalware software and make sure you apply all patches to software and update your mobile devices when one is available.

  • Keep the peepers open for targeted phishing email messages and texts. No email or text is so urgent you can’t take a minute to make sure they’re safe.

  • Avoid clicking links and attachments, no matter how you receive them. Remember that sometimes they even arrive in voice to text voicemail messages!

  • Always verify and re-verify your financial account links before entering any sensitive information.


Want to schedule a conversation? Please email us at advisor@nadicent.com

Comments


bottom of page