One of the best measures to protect yourself from malware, cyber attacks and bank fraud is to ensure that you are running the latest version of any software on your device. These updates contain the latest fixes and protections designed to stop hackers. But the latest threat to Android phone owners exploits this very security tip by disguising malware as an update to the Google Play Store.
First noticed by experts from cyber security company Cyble, the malware, known as Antidot, is designed to siphon money from your bank account. To do this, it can collect details about your contacts, send text messages, lock and unlock your phone or tablet, and forward incoming calls to another number.
All these tools make Antidot ruthlessly effective when it comes to stealing money from your accounts.
Screenshots of the Antidot malware, which prompts users to grant accessibility permissions so it can wreak havoc with any banking app installed on your device
CYBLE SECURITY RESEARCH
Android doesn’t grant permissions for all of this to just any old app you download, so the banking trojan uses a clever trick to convince you to hand over the keys.
Hackers disguised Antidot as a Google Play update with a fake terms and conditions page asking Android users to accept Google’s latest policies and run the installation.
In addition to English, the researchers found examples of Antidot malware with a fake Google Play Store disclaimer in German, French, Spanish, Russian, Portuguese, and Romanian
As part of this fake installation process, the fake Google Play Store app will request a number of permissions from the Android operating system, including the ability to perform gestures and actions, view the content of any app on the screen, and receive notifications when you interact with certain apps.
Cyble’s security researchers discovered this banking trojan in German, French, Spanish, Russian, Portuguese, Romanian and English. This suggests that the hackers behind Antidot are targeting Android phone and tablet owners in those language regions.
Antidot, not to be confused with another Android malware known as Brokewell, which was discovered last month trying to steal money from phone users around the world, is not available for download from the Google Play Store, something that could debunk the trick of it being a simple update. Instead, security experts at Cyble discovered that the banking trojan app was distributed via phishing messages.
Antidot has been observed to be distributed via text messages and emails sent directly to your mobile device.
You would have to sideload the banking trojan as an APK file. It’s not something you can do without diving into the Settings menu of your Android phone or tablet to grant the necessary permissions. In general, if you’ve been sent an APK link and you don’t regularly use these installer files to add non-Play Store software to your device, it’s probably best to ignore all these links.
It is best to remain suspicious of any application that requires a large number of permissions from your device, especially if the type of access seems to have little to do with the normal function of the software. For example, it makes sense that a turn-by-turn navigation app would need access to your current location, but alarm bells should ring if it asks for permission to read your text messages or use the camera.
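For readers who manage Android devices from a computer, here is one way to check for the combination described above: an app that was not installed by the Play Store but holds an enabled accessibility service. This is an added example, not code from Cyble or the original article; the package names in the sample data are constructed and the trusted-installer set is an assumption.

```python
# Inputs are the text output of two standard Android commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i

# Installer package of the Google Play Store; extend with stores you trust (assumption).
TRUSTED_INSTALLERS = {"com.android.vending"}


def accessibility_packages(setting_value):
    """Return package names from a colon-separated 'pkg/ServiceClass' list."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    return {item.split("/", 1)[0] for item in value.split(":") if item}


def installers(pm_output):
    """Map package name -> installer (None if absent) from 'pm list packages -i'."""
    result = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                installer = field[len("installer="):]
        result[fields[0]] = None if installer == "null" else installer
    return result


def flag_sideloaded_accessibility(setting_value, pm_output):
    """Packages with an enabled accessibility service and no trusted installer."""
    source = installers(pm_output)
    return sorted(pkg for pkg in accessibility_packages(setting_value)
                  if source.get(pkg) not in TRUSTED_INSTALLERS)


# Constructed sample output; these package names are made up for illustration.
SAMPLE_SETTING = ("com.example.screenreader/.ReaderService:"
                  "com.example.fakeupdate/com.example.fakeupdate.UpdateService")
SAMPLE_PM = """\
package:com.example.screenreader  installer=com.android.vending
package:com.example.fakeupdate  installer=null
package:com.example.maps  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg in flag_sideloaded_accessibility(SAMPLE_SETTING, SAMPLE_PM):
        print("review:", pkg)
```

Preinstalled system apps can also report no installer, so a flagged package is a prompt to look closer rather than proof of infection.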
Cyble security researchers warned: “The emergence of sophisticated Android banking Trojans poses a significant threat to user security and privacy.
“Among them, the newly emerged banking Trojan ‘Antidot’ stands out for its multiple capabilities and covert operations. Its use of string obfuscation, encryption, and strategic placement of fake update pages demonstrates a targeted approach aimed at avoiding detection and maximizing its reach around the world in various language-speaking regions.
“An analysis of its intricate work sheds light on the evolution of mobile malware and the ingenuity of cybercriminals. With its multiple capabilities, including overlapping attacks, keylogging and VNC features, Antidot poses a significant threat to users’ privacy and financial security.”
In order to protect yourself from these types of attacks, experts recommend using a strong and unique password for each online account with multi-factor authentication wherever possible. If remembering all those jumbled letters and numbers sounds too complicated, then a password manager can be a real savior – as it does all the hard work for you. Elsewhere, VPNs will protect all your online activities from outside observers, including your Internet service provider, hackers and advertisers.
Despite the clever Google Play Store trick used by Antidot, making sure your smartphone, tablet, laptop or desktop computer is running the latest version of its operating systems and apps remains a good way to protect yourself from attacks. Antivirus software can also help protect your devices.