  • Clipeus

FjordPhantom: New Android Malware Targets South East Asia

Mobile security experts at Promon have discovered new Android malware, named "FjordPhantom," that exploits Android virtualization for evasion. In Android, applications can operate in isolated environments for various purposes, such as allowing users to run the same app with multiple accounts.


While the "sandbox" concept in Android aims to enhance security, FjordPhantom takes advantage of this framework. According to the Promon report, FjordPhantom disguises itself as a legitimate banking mobile application. The deception works because the banking app itself remains unaltered: FjordPhantom installs the intended app for the user, but with malicious code wrapped around it. When the app is executed within a virtual container, the malicious code uses API hooking to intercept credentials and sensitive information.


The malware is reportedly spreading through messaging applications, email, and SMS across Indonesia, Thailand, Vietnam, Singapore, and Malaysia.
