Malware Report: Banking Apps Susceptible to FjordPhantom, a Cyber Threat Targeting Southeast Asian Banks

Promon, the provider of application shielding technology responsible for recently uncovering FjordPhantom, an emerging cyber threat targeting banks in Southeast Asia, reveals the findings of its research into “the susceptibility of the world’s top banking apps to this sophisticated new strain of malware.”

In September 2023, during discussions with banks in the region, Promon learned “that one customer was defrauded out of 10 million Thai Baht (approximately $280,000) after falling victim to FjordPhantom.”

Samples obtained through end-user devices show “that FjordPhantom utilizes an unprecedented method of running the targeted app in a virtual environment with additional malicious components, a method which evades advanced detection mechanisms that banking apps usually employ to protect themselves against malware.”

Promon has since analyzed 113 of “the world’s top banking apps for Android to see how these apps would respond when placed into FjordPhantom’s virtual container. Of the 113 apps, 91 (80.5%) ran inside FjordPhantom’s virtual container – a testament to the virulence of FjordPhantom’s unique form of attack which has now been proven to pose a significant threat to the majority of the world’s supposedly most secure consumer banking apps.”

Due to the advanced security deployed “by many banks in both the United Kingdom and the United States, Promon also reviewed these countries separately.”

The United States scored “the lowest in performance relative to the global benchmark.”

After testing the 26 top U.S. consumer banking apps “according to SensorTower, 22 (84.6%) ran in FjordPhantom’s virtual container leaving Americans particularly vulnerable to this brand new attack vector.”

By contrast, the UK’s top 21 consumer banking apps “according to SensorTower performed better than the global benchmark, with 16 (76.2%) of apps tested successfully running in FjordPhantom’s virtual container.”

The cybersecurity firm also “conducted regional assessments using the apps to see if specific countries or regions were more or less susceptible to FjordPhantom’s unique virtualization attack (see table below).”

Benjamin Adolphi, head of security research at Promon, said:

“Our findings display the threat that FjordPhantom poses and just how easy it is to adapt the malware to target different apps, most of which are currently unable to protect against such attacks. At this moment in time, it appears that FjordPhantom’s use of weaponized virtualization is currently localized to countries in Southeast Asia. Yet, if paired with an effective method of transmission tailored for other nations, such as a wave of malicious emails and texts, it’s entirely possible that this malware could be used by hackers across the globe to target banking apps and commit widespread fraud.”

The full report can be accessed here.


