Android warned of 'significant threat': Beware of fake Google Play Store update, it drains your bank account

Android smartphone owners should be wary of a banking Trojan known as Antidot, which has the ability to login to your bank account as it can scan and record what's happening on your screen at any time

GOOGLE PRESS OFFICE | GETTY IMAGES | GBN
Aaron Brown

By Aaron Brown


Published: 01/06/2024

- 04:30

Antidot can read text messages, forward incoming calls, and much worse

  • A new banking Trojan has been identified by security researchers
  • Known as Antidot, it will login to your bank account and steal funds
  • To trick users into granting permissions, it's disguised as a Play Store update
  • Experts branded it "a significant threat to users’ privacy and financial security"

All products are independently selected by our experts. To help us provide free impartial advice, we will earn an affiliate commission if you buy something. Click here to learn more

One of the best measures to shield yourself from malware, cyber attacks, and banking scams is to ensure you're running the latest version of any software on your device. These updates contain the latest fixes and protections designed to stop hackers. But the latest threat to Android phone owners exploits this exact security advice by disguising malware as an update for the Google Play Store.


First spotted by experts from cybersecurity firm Cyble, the malicious software — known as Antidot — is designed to siphon money from your bank account. To do that, it can collect details on your contacts, send text messages, lock and unlock your phone or tablet, and forward incoming calls to another number.

All of these tools make Antidot ruthlessly efficient when it comes to stealing money from your accounts.

screenshots of the antidot banking trojan disguised as a play store update trying to convince phone owners into granting permissions

Screenshots of the Antidot malware, prompting users to grant Accessibility permissions so that it can wreak havoc with any banking applications installed on your device

CYBLE SECURITY RESEARCH

Android doesn't just grant permissions to do all of that to any old application that you download, so the banking Trojan employs a clever trick to convince you to hand over the keys.

Hackers have disguised Antidot as a Google Play update with a counterfeit terms and conditions page asking Android users to accept Google's latest policy and kickstart the installation.

screenshots of the antidot banking trojan as a fake play store update in German, French, Spanish, Russian, Portuguese, and Romanian

As well as English, researchers have discovered examples of the Antidot malware with its fraudulent Google Play Store disclaimer in German, French, Spanish, Russian, Portuguese, and Romanian

CYBLE SECURITY RESEARCH

As part of this fake installation process, the fraudulent Google Play Store app will ask for a variety of permissions across the Android operating system, including the ability to perform gestures and actions, view the contents of any application on-screen, and be notified when you're interacting with specific applications.

Cyble security researchers have discovered this banking Trojan in German, French, Spanish, Russian, Portuguese, Romanian, and English. This suggests the hackers behind Antidot are targeting Android phone and tablet owners in these language-speaking regions.

Antidot, which is not to be confused with another nasty Android malware known as Brokewell that was unearthed last month as it attempted to steal money from phone users across the globe, is notavailable to download from the Google Play Store — something that might scupper the ruse that it's a simple update. Instead, security experts from Cyble discovered the banking Trojan app is being shared by phishing messages.

It has observed Antidot being distributed via SMS and emails sent directly to your mobile device.

You'll need to sideload the banking Trojan as an APK file. That's not something you're able to do without diving into the Settings menu of your Android phone or tablet to grant the requisite permissions. As a rule of thumb, if you've been sent a link to an APK and don't regularly use these installation files to add software from outside of the Play Store to your device — it's probably best to ignore all of these links.

It's best to stay suspicious of any application that demands a large number of permissions from your device, especially if the type of access seems to have little to do with the normal function of the software. For example, it makes sense that a turn-by-turn navigation app would need access to your current location ...but alarm bells might start to sound if it's asking for permission to read through your text messages or use the camera.

LATEST DEVELOPMENTS

Security researchers from Cyble have cautioned: "The emergence of sophisticated Android Banking Trojans poses a significant threat to users’ security and privacy.

"Among these, the newly surfaced 'Antidot' Banking Trojan stands out for its multifaceted capabilities and stealthy operations. Its utilization of string obfuscation, encryption, and strategic deployment of fake update pages demonstrate a targeted approach aimed at evading detection and maximizing its reach across diverse language-speaking regions.

"Analyzing its intricate workings sheds light on the evolving landscape of mobile malware and the ingenuity of cybercriminals. With its multifaceted capabilities, including overlay attacks, keylogging, and VNC features, Antidot poses a significant threat to users’ privacy and financial security."

To safeguard against these types of attacks, experts recommend using a strong and unique password for every online account with multi-factor authentication wherever possible. If memorising all of those jumbled letters and numbers sounds too complicated, then a password manager can be a real saviour — since it does all of the heavy-lifting for you. Elsewhere, VPNs will shield all of your online activity from outside observers, including your internet provider, hackers, and advertisers.

Despite the clever Google Play Store ruse employed by Antidot, ensuring that your smartphone, tablet, laptop, or desktop PC is running the latest version of its operating systems and applications remains a good way to protect yourself from attacks. Antivirus software can also help shield your devices.

You may like