There is a new Android banking trojan in the town with a clever new trick. Dubbed Antidot, it masquerades itself as a Google Play update. The hackers behind the campaign have carefully designed this fake update page to make it look like a genuine one. It can easily trick unsuspecting users into downloading malware. Here’s how to stay away from it.
Antidot Android banking trojan masquerades itself as a Google Play update
Discovered in early May by cybersecurity experts at Cyble, Antidot targets Android users in various parts of the world. The first step of malware distribution is similar to others. The hackers send you an email or text message impersonating Google, telling you that you need to update Google Play on your phone. It contains a link to jump straight to the update page, which is a fake page crafted by the hackers.
Unsuspecting users would click on the link believing they are updating Google Play. The landing page also looks genuine, so they feel confident they are on the right track. The hackers have developed the same page in multiple languages, so seeing a page in your preferred language further encourages you to click the download or update button. Unfortunately, it downloads an APK file containing malware.
Up to this point, no harm is done. If you avoid sideloading the APK, which you should always do, you are safe from any danger. However, some users don’t. They proceed to install the APK because they want to update Google Play. As soon as the app is installed, the malware starts its malicious actions. It brings up another fake update page that tricks users into giving the app access to Android’s Accessibility Settings.
Once you grant this access, the Antidot Android trojan gains complete control over your device. It connects to a remote server operated by the hackers and sends sensitive information to it. It uses overlay attacks to steal your banking credentials. The malware can also unlock the device, make calls, send text messages, send out notifications, lock the device, copy text from the clipboard, read key presses, and more.
How to stay safe from these kinds of attacks?
First and foremost, you should always download and update apps from official sources. Manually visit the Google Play Store or any other built-in app store on your phone to download apps. Do not search for and download apps from the web. It is safer to avoid sideloading APK files altogether. Also, avoid clicking on links received in emails or messages without verifying the sender. Hackers often make these messages look like coming from a brand, so pay attention to the website the link takes you to.
