Stratos Ally

Android Banking Trojan ‘Antidot’ Masquerades as Google Play Update, Threatening User Security


Security researchers at Cyble have identified a new banking Trojan, dubbed “Antidot,” that targets Google Android devices and puts both the device and its owner's financial data at risk.

Antidot poses as a harmless Google Play update, using convincingly crafted fake update pages in multiple languages to lure victims into installing it. Once installed, it combines overlay attacks (fake login screens drawn over legitimate apps) with keylogging to harvest sensitive data such as banking credentials.

Rupali Parate, an Android malware researcher at Cyble, describes how Antidot works. After installation it asks the victim to grant it the Accessibility Service permission; once that permission is granted, it contacts its command-and-control (C2) server. The resulting channel is real-time and bidirectional, giving the attackers considerable control over the infected device.

What sets Antidot apart is its use of WebSocket for C2 traffic, which gives the operators a persistent channel for issuing commands and receiving results. The commands Antidot supports include collecting SMS messages, initiating USSD requests, and remotely controlling device features such as the camera and the screen lock; it also implements VNC-style remote screen access on top of Android's MediaProjection API.
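The behaviours described in the preceding paragraphs (an abused Accessibility service, overlays, SMS collection, USSD dialling and MediaProjection screen capture) each leave traces in an app's manifest. The following is an added example written for this article, not code from Cyble or from the malware: a static triage check over a decoded AndroidManifest.xml (as produced by apktool) that flags an app whose declared capabilities match that combination. The package names, labels, service names and both sample manifests are constructed for the example; the capability buckets and verdict thresholds are this example's own heuristics.

```python
"""Added example (not Cyble's or Stratos Ally's code): static triage of a decoded
AndroidManifest.xml for the capability combination the Antidot write-up describes.
Package names, labels, service names and the sample manifests are constructed."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{" + ANDROID_NS + "}"  # ElementTree key prefix for android:* attributes

# Manifest permissions that back each behaviour attributed to Antidot.
PERMISSION_BUCKETS = {
    "sms_collection": {"android.permission.READ_SMS",
                       "android.permission.RECEIVE_SMS"},
    "ussd_requests": {"android.permission.CALL_PHONE"},  # USSD codes are dialled
    "overlay_attack": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "screen_capture": {"android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"},
}
ACCESSIBILITY_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"


def triage(manifest_xml: str) -> dict:
    """Return the package name, the matched capability set and a verdict."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    found = {name for name, perms in PERMISSION_BUCKETS.items() if perms & requested}

    for svc in root.iter("service"):
        # An accessibility service binds with BIND_ACCESSIBILITY_SERVICE and
        # registers the framework's AccessibilityService intent action.
        binds = svc.get(A + "permission") == ACCESSIBILITY_PERMISSION
        acts = any(a.get(A + "name") == ACCESSIBILITY_ACTION for a in svc.iter("action"))
        if binds and acts:
            found.add("accessibility_service")
        # Since API 29, MediaProjection capture must run in a foreground
        # service typed "mediaProjection", which is visible in the manifest.
        if "mediaProjection" in (svc.get(A + "foregroundServiceType") or ""):
            found.add("screen_capture")

    app = root.find("application")
    label = ((app.get(A + "label") if app is not None else None) or "").lower()
    # A literal label posing as Google Play from a package that is not the
    # real Play Store (com.android.vending). Labels given as @string/...
    # references need the decoded resources to resolve first.
    if "google play" in label and package != "com.android.vending":
        found.add("google_play_impersonation")

    # Heuristic thresholds chosen for this example.
    if "accessibility_service" in found and len(found) >= 3:
        verdict = "likely banker"
    elif len(found) >= 2:
        verdict = "review"
    else:
        verdict = "low"
    return {"package": package, "capabilities": sorted(found), "verdict": verdict}


# Constructed sample: a dropper styled as a "Google Play Update".
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.playupdate">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"/>
    <application android:label="Google Play Update">
        <service android:name=".Acc"
            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
        <service android:name=".Vnc" android:foregroundServiceType="mediaProjection"/>
    </application>
</manifest>"""

# Constructed sample: an ordinary app that only needs network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Notes"/>
</manifest>"""

if __name__ == "__main__":
    for manifest in (SAMPLE_MANIFEST, BENIGN_MANIFEST):
        print(triage(manifest))
```

Run it against a decoded manifest (`apktool d sample.apk`, then read `AndroidManifest.xml`) and treat a "likely banker" verdict as a reason for dynamic analysis rather than as proof: legitimate remote-support and accessibility tools request several of the same capabilities. On a suspect device, the services the user has actually enabled can be listed with `adb shell settings get secure enabled_accessibility_services`; an entry belonging to a recently sideloaded "update" app is the practical indicator of the Accessibility abuse described above.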

The implications of this remote-control capability are serious: the operators can run a complete fraud chain, reading private information, performing unauthorised transactions and manipulating the device remotely, which maximises the potential for financial loss and privacy breaches.

Parate warns of the growing sophistication of mobile malware, exemplified by the Antidot Trojan. This trend toward multifaceted attacks underscores the need for enhanced security measures and user awareness to combat the evolving threat landscape effectively.

As banking Trojans like Antidot continue to proliferate globally, targeting a wide array of financial institutions and organizations, the imperative for robust cybersecurity defenses and proactive vigilance has never been greater.
