FjordPhantom - S1208 (cfe91950-c01f-4e1f-ada1-7ac9b4f79fd4)

FjordPhantom is a malicious Android application first discovered in September 2024 with targets in Southeast Asia, specifically Indonesia, Thailand, and Vietnam. FjordPhantom was distributed through email and messaging applications. Once installed, the application launches a virtualization solution to steal important information, such as bank accounts, and to manipulate the user interface. The malicious activity from the virtualization solution runs alongside legitimate banking applications.(Citation: Promon FjordPhantom Oct2024)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| FjordPhantom - S1208 (cfe91950-c01f-4e1f-ada1-7ac9b4f79fd4) | Malware | Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) | Attack Pattern | 1 |
| FjordPhantom - S1208 (cfe91950-c01f-4e1f-ada1-7ac9b4f79fd4) | Malware | Process Injection - T1631 (b7c0e45f-0206-4f75-96e7-fe7edad3aaff) | Attack Pattern | 1 |
| FjordPhantom - S1208 (cfe91950-c01f-4e1f-ada1-7ac9b4f79fd4) | Malware | Virtualization Solution - T1670 (8e097ec5-1755-41d6-807c-3882442b818a) | Attack Pattern | 1 |
| Phishing - T1660 (defc1257-4db1-4fb3-8ef5-bb77f63146df) | Attack Pattern | FjordPhantom - S1208 (cfe91950-c01f-4e1f-ada1-7ac9b4f79fd4) | Malware | 1 |
| Hooking - T1617 (ccde43e4-78f9-4f32-b401-c081e7db71ea) | Attack Pattern | FjordPhantom - S1208 (cfe91950-c01f-4e1f-ada1-7ac9b4f79fd4) | Malware | 1 |