One of the best measures to protect yourself from malware, cyber attacks and bank fraud is to ensure that you are using the latest version of any software on your device. These updates contain the latest fixes and protections designed to stop hackers. However, the latest threat to Android phone owners is taking advantage of this very security advice, disguising malware as an update for the Google Play Store.
First spotted by experts from cyber security company Cyble, the malware – known as Antidot – is designed to siphon money from your bank account. To do this, it can collect details about your contacts, send text messages, lock and unlock your phone or tablet, and forward incoming calls to another number.
All of these tools make Antidot ruthlessly effective at stealing money from your accounts.
Screenshots of the Antidot malware prompting users for accessibility permissions so it can wreak havoc with any banking app installed on your device (Image: Cyble Security Research)
Android doesn’t just grant permissions to any old app you download, so the banking trojan uses a clever trick to convince you to hand over the keys.
Hackers disguised Antidot as a Google Play update with a fake terms and conditions page asking Android users to accept Google’s latest policies and begin installation.
In addition to English, the researchers discovered examples of the Antidot malware with its fraudulent Google Play Store disclaimer in German, French, Spanish, Russian, Portuguese, and Romanian. (Image: Cyble Security Research)
As part of this fake installation process, the fake Google Play Store app will ask for various permissions on the Android operating system, including the ability to perform gestures and actions, display the content of any app on the screen, and receive notifications when you interact with specific apps.
Cyble security researchers discovered this banking trojan in German, French, Spanish, Russian, Portuguese, Romanian and English. This suggests that the hackers behind Antidot are targeting Android phone and tablet owners in these language areas.
Antidot – not to be confused with another nasty Android malware known as Brokewell, which was discovered last month when it tried to steal money from phone users around the world – is not available for download from the Google Play Store, something that could defeat the ruse of it being a simple update. Instead, security experts at Cyble discovered that the banking trojan is shared via phishing messages.
Antidot has been observed being distributed via SMS and emails sent directly to your mobile device.
To be infected, you would need to download the banking trojan as an APK file. This is not something you can do without diving into the Settings menu of your Android phone or tablet and granting the required permissions. In general, if you’ve been sent a link to an APK file and you don’t regularly use these installers to add non-Play Store software to your device, it’s probably best to ignore all these links.
It’s best to remain suspicious of any app that requires a large number of permissions from your device, especially if the type of access seems to have little to do with the normal function of the software. For example, it makes sense that a turn-by-turn navigation app would need access to your current location, but alarm bells might start ringing if it asks for permission to read your text messages or use the camera.
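The permissions described above (performing gestures, reading on-screen content, observing app interactions) are what an Android accessibility service receives. As an added example, not part of the original article or Cyble's research, this Python script cross-references the output of two adb commands to flag apps that hold an enabled accessibility service but were not installed by the Play Store; the sample output and the com.example.* package names are constructed.

```python
# Added example: flag sideloaded apps holding an enabled accessibility service.
# Feed it the text output of two adb commands:
#   adb shell pm list packages -i -3
#   adb shell settings get secure enabled_accessibility_services
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

# Constructed sample output; the com.example.* names are made up.
SAMPLE_PACKAGES = """\
package:com.example.maps  installer=com.android.vending
package:com.example.reader  installer=null
package:com.example.fakeupdate  installer=com.google.android.packageinstaller
"""
SAMPLE_A11Y = ("com.example.fakeupdate/.UpdateService:"
               "com.example.maps/com.example.maps.VoiceService")

def parse_installers(text):
    """Map third-party package name -> installer (None when unrecorded)."""
    installers = {}
    for line in text.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field[len("installer="):]
                installer = None if value in ("", "null") else value
        installers[fields[0][len("package:"):]] = installer
    return installers

def parse_accessibility(text):
    """Packages named in the colon-separated 'package/service' setting."""
    text = text.strip()
    if not text or text == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in text.split(":") if entry}

def flag_risky(packages_text, a11y_text):
    """Third-party apps with accessibility enabled and no trusted installer."""
    installers = parse_installers(packages_text)
    return sorted(
        (pkg, installers[pkg])
        for pkg in parse_accessibility(a11y_text)
        if pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS
    )

if __name__ == "__main__":
    for pkg, installer in flag_risky(SAMPLE_PACKAGES, SAMPLE_A11Y):
        print(f"review {pkg}: accessibility enabled, installer={installer}")
```

A flagged entry is a prompt to review the app, not proof of infection: legitimately sideloaded accessibility tools will also appear.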
Cyble security researchers warned: “The emergence of sophisticated Android Banking Trojans poses a significant threat to user security and privacy.
“Among them, the newly discovered ‘Antidot’ Banking Trojan stands out for its multifaceted capabilities and covert operations. Its use of string obfuscation, encryption, and strategic deployment of fake update pages demonstrates a targeted approach aimed at avoiding detection and maximizing its reach across diverse language areas.
“Analysis of its complex workings sheds light on the evolving mobile malware landscape and the ingenuity of cybercriminals. With its multifaceted capabilities, including cloaking attacks, keylogging and VNC capabilities, Antidot poses a significant threat to users’ privacy and financial security.”
To protect against these types of attacks, experts recommend using a strong and unique password for each online account, with multi-factor authentication whenever possible. If remembering all those jumbled letters and numbers sounds too complicated, then a password manager can be a real lifesaver, because it does it all for you. Elsewhere, VPNs will shield all of your online activity from external observers, including your Internet provider, hackers and advertisers.
Despite the clever Google Play Store trick used by Antidot, making sure your smartphone, tablet, laptop, or desktop computer is running the latest version of its operating systems and apps remains a good way to protect yourself from attacks. Antivirus software can also help protect your device.