Antidot: The Android Trojan Deceiving Users with Fake Google Play Updates

Tuesday, 06/08/2024 10:17 AM

A new Android banking trojan called Antidot is making waves by deceiving users with counterfeit Google Play update prompts. The fraudsters have crafted an authentic-looking update page to mislead users into downloading malicious software. Here's how to safeguard against it.

Antidot Android Banking Trojan Posing as Google Play Update

Identified in early May by cybersecurity specialists at Cyble, the Antidot trojan targets Android users globally. The infection process begins when you receive an email or text message that appears to be from Google, urging you to update Google Play. The included link leads to a fraudulent page set up by the cybercriminals.

Unwitting users might click the link thinking they're updating Google Play. The fake page, crafted in multiple languages, looks convincing, pushing further engagement by displaying in the user's native language. Clicking the supposed download or update button results in downloading an APK laden with malware.

Downloading the file alone does no harm; the malware only runs if the APK is sideloaded, which should be avoided. However, users who install the APK thinking they're updating Google Play will trigger the malware. The installed app then presents another deceptive update prompt that tricks users into granting it an Accessibility Service in the Android Accessibility Settings.

Once these permissions are granted, the Antidot trojan can take full control of the device. It connects to a command and control server run by the attackers to exfiltrate sensitive data, using overlay tactics to hijack banking details. The trojan can also unlock the phone, make calls, send texts, push notifications, lock the device, read text from the clipboard, and log keystrokes.
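The infection chain above rests on two conditions an administrator can check for on a managed device: an app installed from outside the Play Store, and that app holding an Accessibility Service. The following triage script is an added example, not code from this article or from Cyble; it assumes the `adb shell pm list packages -i` and `settings get secure enabled_accessibility_services` output formats shown in its comments, and the package names in the sample data are constructed placeholders, not Antidot's real identifiers.

```python
"""Flag apps that hold an Accessibility Service but were not installed from Play.

Assumed input formats (from two adb commands, not bundled with this script):
  adb shell pm list packages -i
      -> "package:<pkg>  installer=<installer pkg or null>" per line
  adb shell settings get secure enabled_accessibility_services
      -> colon-separated "<pkg>/<ServiceClass>" entries, or "null"
"""
import re

PLAY_STORE_INSTALLER = "com.android.vending"
# Accessibility services the fleet trusts (constructed allowlist).
TRUSTED_ACCESSIBILITY = {"com.google.android.marvin.talkback"}
_PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")


def parse_installers(pm_output: str) -> dict:
    """Map package name -> installer package ("null" means sideloaded)."""
    result = {}
    for line in pm_output.splitlines():
        m = _PKG_LINE.match(line.strip())
        if m:
            result[m.group(1)] = m.group(2)
    return result


def parse_accessibility(setting_value: str) -> list:
    """Split the enabled_accessibility_services value into component names."""
    value = setting_value.strip()
    return [] if value in ("", "null") else [c for c in value.split(":") if c]


def find_suspicious(pm_output: str, setting_value: str) -> list:
    """One finding per enabled accessibility service whose owning package is
    neither on the allowlist nor installed by the Play Store."""
    installers = parse_installers(pm_output)
    findings = []
    for component in parse_accessibility(setting_value):
        pkg = component.split("/", 1)[0]
        installer = installers.get(pkg, "unknown")
        if pkg in TRUSTED_ACCESSIBILITY or installer == PLAY_STORE_INSTALLER:
            continue
        findings.append({"package": pkg, "service": component, "installer": installer})
    return findings


# Constructed sample device output; com.example.fakeupdate is a placeholder.
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
package:com.example.fakeupdate  installer=null
"""
SAMPLE_A11Y = ("com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
               "com.example.fakeupdate/com.example.fakeupdate.UpdateService")

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_PM, SAMPLE_A11Y):
        print(f"SUSPICIOUS: {f['package']} runs {f['service']} (installer={f['installer']})")
```

On a real device, replace the two sample strings with the captured command output; a hit is a candidate for removal and for revoking the service in Accessibility Settings.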

Tips to Prevent Such Malware Attacks

To protect yourself, always download and update applications solely from legitimate sources like the Google Play Store or your phone's in-built app store. Avoid downloading apps directly from the internet or sideloading APK files. Additionally, be wary of clicking links in emails or messages, especially if they claim to be from well-known companies. Always verify the sender's credibility and double-check the URL to ensure you're not being redirected to a malicious site.

by Editor