One of the best measures to protect yourself from malware, cyber attacks and bank fraud is to make sure you’re running the latest version of any software on your device. These updates contain the latest fixes and protections designed to stop hackers. But the latest threat to Android phone owners exploits this exact security tip by disguising malware as an update to the Google Play Store.
Seen by experts from cyber security firm Cyble, the malicious software – known as Antidot – is designed to withdraw money from your bank account. To do this, it can collect details about your contacts, send text messages, lock and unlock your phone or tablet, AND forward incoming calls to another number.
All these tools make Antidot ruthlessly efficient when it comes to stealing money from your accounts.
Screenshots of Antidot malware, prompting users to grant accessibility permissions so it can wreak havoc with any banking apps installed on your device
CYBLE SECURITY RESEARCH
Android doesn’t hand out permission to do all of this to any old app you download, so the banking Trojan uses a clever trick to convince you to hand over the keys.
Hackers have disguised Antidot as a Google Play update with a fake terms and conditions page asking Android users to accept Google’s latest policy and begin installation.
In addition to English, researchers have discovered examples of the Antidot malware with its deceptive Google Play Store disguise in German, French, Spanish, Russian, Portuguese, and Romanian.
CYBLE SECURITY RESEARCH
As part of this fake installation process, the rogue Google Play Store app will request a variety of permissions across the Android operating system, including the ability to perform gestures and actions, view the contents of any app on the screen, and to be notified when you are interacting with specific applications.
Cyble security researchers have discovered this banking Trojan in German, French, Spanish, Russian, Portuguese, Romanian and English. This suggests that the hackers behind Antidot are targeting Android phone and tablet owners in regions where these languages are spoken.
Antidot, not to be confused with another nasty Android malware known as Brokewell that was discovered last month as it attempted to steal money from phone users around the globe, is NOT available to download from the Google Play Store – something that can undermine the illusion that it’s a simple update. Instead, security experts from Cyble discovered that the banking Trojan is being distributed via phishing messages.
The firm noted that Antidot is distributed via SMS and emails sent directly to your mobile device.
To be infected, you would have to download the banking Trojan as an APK file. This isn’t something you can do without diving into the Settings menu of your Android phone or tablet to grant the necessary permissions. As a general rule, if you’ve been sent a link to an APK and you don’t regularly use these installer files to add software from outside the Play Store to your device, it’s probably best to ignore all of these links.
It is best to remain suspicious of any app that requires a large number of permissions from your device, especially if the type of access seems to have little to do with the software’s normal function. For example, it makes sense that a turn-by-turn navigation app would need access to your current location… but alarm bells might start ringing if it asks for permission to read your text messages or use the camera.
Security researchers from Cyble have warned: “The emergence of sophisticated Android Banking Trojans poses a significant threat to users’ security and privacy.
“Among them, the newly released Antidot Banking Trojan stands out for its versatile capabilities and covert operations. Its use of string obfuscation, encryption, and strategic placement of fake update pages demonstrates a targeted approach aimed at avoiding discovery and maximizing its reach across different language regions.
“Analysis of its complex functions sheds light on the evolving landscape of mobile malware and the ingenuity of cybercriminals. With its multi-faceted capabilities, including nested attacks, keylogging and VNC features, Antidot poses an important threat to users’ privacy and financial security.”
To protect against these types of attacks, experts recommend using a strong and UNIQUE password for each online account with multi-factor authentication wherever possible. If memorizing all those jumbled letters and numbers sounds too complicated, then a password manager can be a real lifesaver, as it does all the heavy lifting for you. Elsewhere, VPNs will shield all of your online activity from external observers, including your internet provider, hackers and advertisers.
Despite the clever Google Play Store trick used by Antidot, making sure your smartphone, tablet, laptop or desktop computer is running the latest version of its operating system and apps remains a good way to protect yourself from attacks. Antivirus software can also help protect your devices.