New Android Banking Trojan Mimics Google Play Update App

Summary:
Cyble Research and Intelligence Labs has uncovered a new banking trojan dubbed “Antidot” targeting Android devices by posing as a Google Play update application. Users who install the application are presented with a counterfeit Google Play update page that contains a “continue” button designed to redirect to the Android device’s Accessibility settings. If the user grants the malicious application accessibility access, it proceeds to initiate communication with the C2 server and sends back device data including the SDK version, phone model, manufacturer, language and country code, etc. According to researchers, Antidot establishes communication with the C2 server via WebSocket, enabling real-time bidirectional interaction for executing commands. Antidot supports a total of 35 commands, allowing operators of the malware to initiate USSD requests, collect contacts and SMS messages, log keystrokes, record the device’s screen, and much more.

Security Officer Comments:
Several versions of the fake update page have been created in various languages, including German, French, Spanish, Russian, Portuguese, Romanian, and English, as a means to target Android users around the world. As a banking trojan, Antidot’s main purpose is to gather credentials for various financial platforms, enabling actors to divert funds. Researchers note the use of overlay attacks to collect credentials, which involves presenting infected users with lookalike login pages masquerading as the targeted financial institutions.

Suggested Corrections:
To help defend against banking trojans like Antidot, Cyble has provided the following mitigations:
  • Only install software from official app stores such as the Google Play Store (Android phones) or the Apple App Store (iOS phones)
  • Use a reputable antivirus and internet security software package
  • Use strong passwords and enforce multi-factor authentication (MFA) wherever possible
  • Be careful while opening links received via SMS or emails sent to your mobile device
  • Always enable Google Play Protect on Android devices
  • Be wary of any permissions given to an application
  • Keep devices, operating systems and applications up to date
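The summary above describes Antidot abusing a user-granted Accessibility service after being sideloaded outside the Play Store, and the mitigations ask you to review app permissions and install only from official stores. The following triage helper, an added example that is not part of the Cyble report or the linked article, combines those two signals: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` and flags any package that holds an enabled accessibility service but was not installed by the Play Store (installer `com.android.vending`). The adb output below is constructed sample data; the package name `com.example.playupdate` is hypothetical.

```python
"""Flag apps with Accessibility access that were not installed by the Play Store.
The two strings below are CONSTRUCTED samples of adb output; in real use, replace
them with the output of the adb commands named in the comments."""
import re
from typing import Dict, List, Set

PLAY_STORE_INSTALLER = "com.android.vending"  # Google Play Store installer package

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
# Format is "pkg/ServiceClass:pkg/ServiceClass"; adb returns "null" when none is enabled.
ENABLED_SERVICES = (
    "com.android.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.playupdate/com.example.playupdate.AccService"  # hypothetical package
)

# Constructed sample of: adb shell pm list packages -i
# Each line reads "package:<name>  installer=<installer package or null>".
PM_LIST = """package:com.android.talkback  installer=com.android.vending
package:com.example.playupdate  installer=null
package:com.bank.app  installer=com.android.vending
"""


def parse_enabled_services(raw: str) -> Set[str]:
    """Return the set of packages that provide an enabled accessibility service."""
    raw = raw.strip()
    if not raw or raw == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in raw.split(":") if entry.strip()}


def parse_installers(raw: str) -> Dict[str, str]:
    """Map package name -> installer package ('null' when sideloaded or unknown)."""
    pattern = re.compile(r"^package:(\S+)\s+installer=(\S+)", re.MULTILINE)
    return {pkg: installer for pkg, installer in pattern.findall(raw)}


def suspicious_accessibility_apps(services_raw: str, pm_raw: str) -> List[str]:
    """Packages with accessibility access whose installer is not the Play Store.
    A package missing from the pm listing is treated as sideloaded and flagged."""
    installers = parse_installers(pm_raw)
    return sorted(
        pkg for pkg in parse_enabled_services(services_raw)
        if installers.get(pkg, "null") != PLAY_STORE_INSTALLER
    )


if __name__ == "__main__":
    for pkg in suspicious_accessibility_apps(ENABLED_SERVICES, PM_LIST):
        print("review accessibility grant for:", pkg)
```

A hit only means the grant deserves a look: legitimate sideloaded accessibility tools will also be listed, so compare flagged packages against what the user knowingly installed before uninstalling anything.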
Link(s):
https://www.infosecurity-magazine.com/news/android-banking-trojan-google-play/