Related papers: Virtualization-based Penetration Testing Study for Detecting Accessibility Abuse Vulnerabilities in Banking Apps in East and Southeast Asia

Virtualization-based Penetration Testing Study for Detecting Accessibility Abuse Vulnerabilities in Banking Apps in East and Southeast Asia

URL: http://arxiv.org/abs/2601.21258v1
Date: Thu, 29 Jan 2026 04:37:53 GMT
Title: Virtualization-based Penetration Testing Study for Detecting Accessibility Abuse Vulnerabilities in Banking Apps in East and Southeast Asia
Authors: Wei Minn, Phong Phan, Vikas K. Malviya, Benjamin Adolphi, Yan Naing Tun, Henning Benzon Treichl, Albert Ching, Lwin Khin Shar, David Lo,
Abstract summary: FjordPhantom, a malware identified by our industry collaborator, uses virtualization and hooking to bypass the detection of malicious accessibility services.<n>This malware primarily affects banking and finance apps across East and Southeast Asia region.<n>It requires users to be deceived into installing a secondary malicious component and activating a malicious accessibility service.
Score: 6.319052540589321
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Android banking applications have revolutionized financial management by allowing users to perform various financial activities through mobile devices. However, this convenience has attracted cybercriminals who exploit security vulnerabilities to access sensitive financial data. FjordPhantom, a malware identified by our industry collaborator, uses virtualization and hooking to bypass the detection of malicious accessibility services, allowing it to conduct keylogging, screen scraping, and unauthorized data access. This malware primarily affects banking and finance apps across East and Southeast Asia region where our industry partner's clients are primarily based in. It requires users to be deceived into installing a secondary malicious component and activating a malicious accessibility service. In our study, we conducted an empirical study on the susceptibility of banking apps in the region to FjordPhantom, analyzed the effectiveness of protective measures currently implemented in those apps, and discussed ways to detect and prevent such attacks by identifying and mitigating the vulnerabilities exploited by this malware.

Related papers

An Empirical Study on the Security Vulnerabilities of GPTs [48.12756684275687]
GPTs are one kind of customized AI agents based on OpenAI's large language models.<n>We present an empirical study on the security vulnerabilities of GPTs.
arXiv Detail & Related papers (2025-11-28T13:30:25Z)
Towards Trustworthy GUI Agents: A Survey [64.6445117343499]
This survey examines the trustworthiness of GUI agents in five critical dimensions.<n>We identify major challenges such as vulnerability to adversarial attacks, cascading failure modes in sequential decision-making.<n>As GUI agents become more widespread, establishing robust safety standards and responsible development practices is essential.
arXiv Detail & Related papers (2025-03-30T13:26:00Z)
Assessing the influence of cybersecurity threats and risks on the adoption and growth of digital banking: a systematic literature review [0.0]
This study examines the influence of cybersecurity threats on digital banking security, adoption, and regulatory compliance.<n>It critically evaluates the most prevalent cyber threats targeting digital banking platforms, the effectiveness of modern security measures, and the role of regulatory frameworks in mitigating financial cybersecurity risks.
arXiv Detail & Related papers (2025-03-23T03:14:45Z)
Deep Learning Approaches for Anti-Money Laundering on Mobile Transactions: Review, Framework, and Directions [51.43521977132062]
Money laundering is a financial crime that obscures the origin of illicit funds.<n>The proliferation of mobile payment platforms and smart IoT devices has significantly complicated anti-money laundering investigations.<n>This paper conducts a comprehensive review of deep learning solutions and the challenges associated with their use in AML.
arXiv Detail & Related papers (2025-03-13T05:19:44Z)
IDU-Detector: A Synergistic Framework for Robust Masquerader Attack Detection [3.3821216642235608]
In the digital age, users store personal data in corporate databases, making data security central to enterprise management. Given the extensive attack surface, assets face challenges like weak authentication, vulnerabilities, and malware. We introduce the IDU-Detector, integrating Intrusion Detection Systems (IDS) with User and Entity Behavior Analytics (UEBA) This integration monitors unauthorized access, bridges system gaps, ensures continuous monitoring, and enhances threat identification.
arXiv Detail & Related papers (2024-11-09T13:03:29Z)
Countering Autonomous Cyber Threats [40.00865970939829]
Foundation Models present dual-use concerns broadly and within the cyber domain specifically. Recent research has shown the potential for these advanced models to inform or independently execute offensive cyberspace operations. This work evaluates several state-of-the-art FMs on their ability to compromise machines in an isolated network and investigates defensive mechanisms to defeat such AI-powered attacks.
arXiv Detail & Related papers (2024-10-23T22:46:44Z)
An investigation of the Online Payment and Banking System Apps in Bangladesh [0.0]
Bangladesh is expending substantial efforts to digitize its national infrastructure.<n>Despite the lack of knowledge about the security level of these systems, they are currently in frequent use without much consideration.
arXiv Detail & Related papers (2024-07-10T15:43:45Z)
Rethinking the Vulnerabilities of Face Recognition Systems:From a Practical Perspective [53.24281798458074]
Face Recognition Systems (FRS) have increasingly integrated into critical applications, including surveillance and user authentication. Recent studies have revealed vulnerabilities in FRS to adversarial (e.g., adversarial patch attacks) and backdoor attacks (e.g., training data poisoning)
arXiv Detail & Related papers (2024-05-21T13:34:23Z)
RASP for LSASS: Preventing Mimikatz-Related Attacks [2.5782420501870296]
The Windows authentication infrastructure relies on the Local Security Authority system, with its integral component being lsass.exe. This framework is not impervious, presenting vulnerabilities that attract threat actors with malicious intent. By exploiting documented vulnerabilities sourced from the CVE database or leveraging sophisticated tools such as mimikatz, adversaries can successfully compromise user password-address information.
arXiv Detail & Related papers (2023-12-30T20:37:37Z)
Measuring User Perceived Security of Mobile Banking Applications [0.8122270502556371]
This study was conducted to measure user-perceived security of M-Banking Apps. Perceived security, institutional trust and technology trust were confirmed as factors that affect user's intention to adopt and use M-Banking Apps.
arXiv Detail & Related papers (2022-01-09T16:45:30Z)
Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance. We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z)

This list is automatically generated from the titles and abstracts of the papers in this site.