One of the best measures to protect yourself against malware, cyber attacks and banking fraud is to ensure that you are using the latest version of all software on your device. These updates include the latest fixes and protections designed to stop hackers. But the latest threat to Android phone owners takes advantage of this exact security advice by disguising malware as an update to the Google Play Store.
First noticed by experts from cybersecurity company Cyble, the malicious software known as Antidot is designed to drain money from your bank account. To do that, it can collect details about your contacts, send text messages, lock and unlock your phone or tablet, and forward incoming calls to another number.
All these tools make Antidot ruthlessly efficient when it comes to stealing money from your accounts.
Screenshots of the Antidot malware asking users to grant Accessibility permissions so it can wreak havoc on banking applications installed on your device
Android doesn’t grant permission to do this to just any old application you download, so the banking Trojan uses a clever trick to convince you to hand over the keys.
Hackers have disguised Antidot as a Google Play update with a spoofed terms and conditions page asking Android users to accept Google’s latest policies and begin installation.
In addition to English, researchers have also discovered examples of the Antidot malware with the fraudulent Google Play Store disclaimer in German, French, Spanish, Russian, Portuguese and Romanian
As part of this fake installation process, the rogue Google Play Store app will ask for various permissions to the Android operating system, including the ability to perform gestures and actions, view the contents of any application on the screen, and receive a notification when you interact with specific applications.
Cyber security researchers have discovered this banking trojan in German, French, Spanish, Russian, Portuguese, Romanian and English. This suggests that the hackers behind Antidot are targeting owners of Android phones and tablets in regions where these languages are spoken.
Antidot, which should not be confused with Brokewell, another nasty Android malware that was unearthed last month when it tried to steal money from phone users around the world, is not available for download from the Google Play Store – something that could foil the ruse of it being a simple update. Instead, Cyble security experts discovered that the banking Trojan app is being shared via phishing messages.
Antidot has been observed to be distributed via SMS and emails sent directly to your mobile device.
You need to sideload the banking Trojan as an APK file. That’s not something you can do without diving into the Settings menu of your Android phone or tablet to grant the required permissions. As a rule of thumb, if you received a link to an APK and don’t regularly use those installation files to add software from outside the Play Store to your device, it’s probably best to ignore all of these links.
It’s best to remain suspicious of any application that requires a large number of permissions from your device, especially if the type of access seems to have little to do with the normal function of the software. For example, it makes sense that a turn-by-turn navigation app would need access to your current location… but alarm bells might sound if it asks for permission to read your text messages or use the camera.
Security researchers at Cyble have warned: “The emergence of advanced Android Banking Trojans poses a significant threat to user security and privacy.
“Among these, the newly emerged ‘Antidot’ Banking Trojan stands out for its versatile capabilities and stealth operations. The use of string obfuscation, encryption, and strategic deployment of fake update pages demonstrates a targeted approach aimed at evading detection and maximizing its reach across various language-speaking regions.
“Analyzing its intricacies sheds light on the evolving landscape of mobile malware and the ingenuity of cybercriminals. With its versatile capabilities including overlay attacks, keylogging and VNC features, Antidot poses a significant threat to privacy and financial security of users.”
To protect against these types of attacks, experts recommend a strong and unique password for each online account with multi-factor authentication where possible. If remembering all those jumbled letters and numbers sounds too complicated, a password manager can be a real savior because it does all the hard work for you. Elsewhere, VPNs will protect all of your online activities from third party observers, including your internet service provider, hackers and advertisers.
Despite Antidot’s clever Google Play Store trick, making sure your smartphone, tablet, laptop or desktop PC is running the latest version of its operating systems and applications remains a good way to protect yourself from attacks. Antivirus software can also help protect your devices.