New Antidot Android Malware Poses as Google Update to Steal Funds

Cyber security researchers at Cyble have discovered a new and sophisticated Android malware strain dubbed “Antidot.” This malware disguises itself as a fake Google update, tricking unsuspecting users into downloading it onto their devices. Once installed, Antidot targets sensitive banking information, posing a significant threat to financial security.

****Modus Operandi of Antidot****

The malware operates by distributing itself through phishing campaigns including SMSishing in which users receive SMS messages or notifications that appear to be from Google, urging them to update their software or security measures. These messages often contain malicious links that, when clicked, download the Antidot malware disguised as a legitimate Google update package (APK).

Antidot malware posing as a fake update on an infected device (let) – The AI image translation of the image (right)

Upon installation, Antidot seeks to gain administrative privileges on the device. If successful, it grants the attacker complete control over the device, allowing them to steal various forms of sensitive data, including:

• Contact lists
• SMS messages
• Credit card information
• Two-factor authentication codes
• Login credentials for banking apps and online accounts.

According to Cyble’s analysis, Antidot exploits vulnerabilities within the Android operating system to achieve persistence and evade detection. The malware also employs techniques to obfuscate its code and communication channels, making analysis and mitigation more challenging.

The risk posed by Antidot is significant. Targeting banking information makes it a prime tool for cybercriminals to steal funds. Additionally, control over the infected device allows attackers to launch further attacks or install additional malware, compromising the user’s privacy and overall security.

“The newly surfaced “Antidot” Banking Trojan stands out for its multifaceted capabilities and stealthy operations. Its utilization of string obfuscation, encryption, and strategic deployment of fake update pages demonstrate a targeted approach aimed at evading detection and maximizing its reach across diverse language-speaking regions.”

Cyble

****Recommendations for Users and Organizations****

Android users should remain vigilant against the Antidot malware. Here are some key points to keep in mind: Firstly, exercise caution with unsolicited messages by refraining from clicking on links or downloading attachments from unknown senders, even if they seem to originate from reputable sources like Google.

Secondly, ensure the authenticity of apps by downloading them exclusively from official stores like the Google Play Store. Before installation, scrutinize the developer information, reviews, and permissions requested by the app.

Thirdly, enhance your account security by enabling two-factor authentication, which provides an additional layer of protection against unauthorized access, even in the event of credential theft.

Moreover, regularly update your Android device’s operating system and installed apps to mitigate potential vulnerabilities exploited by attackers. Lastly, maintain your device’s defences by installing a trusted mobile security solution, which can proactively detect and thwart malware threats before they compromise your device.

Organizations, on the other hand, should consider security awareness training for their employees to educate them about phishing tactics and the importance of cybersecurity hygiene. Additionally, implementing mobile device management (MDM) solutions can provide centralized control over devices and enforce security policies.

1. Big Head Ransomware Found in Fake Windows Updates
2. New Vishing Attack Spreading FakeCalls Android Malware
3. FakeUpdates Malware Campaign Targets WordPress Sites
4. Fake wallet update steals 1400BTC ($16M) from Electrum user
5. Android Malware Poses as WhatsApp and Instagram to Steal Data