Criminals are constantly developing new ways to trick people, and their latest tactic is to infect Android smartphones with malware to access banking and other details. Researchers at cybersecurity firm Cyble have discovered a new malware called Antidot that poses as a Google Play update application. The malware displays fake Google Play update pages in multiple languages to steal sensitive information.
How does this malware get onto Android?
As detailed by Cyble, Antidot is a Trojan horse, a type of malware that disguises itself as a standard program to mislead users about its true purpose. In this case, it impersonates the Google Play Store (the default app market for downloading and updating apps on Android smartphones) to steal sensitive data.
Antidot gets onto Android phones by tricking users into sideloading it as an APK (Android Package Kit). APK is a file format that Android uses to distribute and install applications. When you sideload an app, you manually install an APK file onto your Android device that doesn’t come from the Google Play Store. Google keeps most malicious apps off its platform, so you won’t find Antidot in the Play Store. However, you might find it in third-party app stores or other less legitimate sources.
Malware can also get onto your phone through phishing emails and text messages. For example, you might receive an email claiming you’ve won something (a lottery ticket, a phone call, etc.). When you open the email and click on the link, nothing happens or you’re taken to a dummy site. However, malware has been downloaded and installed on your phone.
How does the Antidot Trojan work?
Once the malware is installed on an Android phone, it displays a fake update page with a “Continue” button that takes you to the Accessibility settings. Antidot uses the Accessibility service to carry out its malicious activities and gain full control over the phone.
The Trojan displays fake update pages in various languages, including German, French, Spanish, Russian, Portuguese, Romanian and English, indicating that it is targeting Android users who speak these languages.
Access to your phone’s Accessibility settings gives the malware access to whatever it needs, including collecting contacts and text messages, collecting authentication information, locking and unlocking your device, and transferring calls.
To steal passwords and other credentials, Antidot uses a clever trick called an overlay attack: when you open a banking app on your phone, the malware loads a fake website that looks just like the real banking app and covers it. When you enter your login details, hackers capture them and, with enough information, can steal your money, commit fraud, or steal your identity.
If the malware does not have a fake website for the app, it uses “keylogging” to capture everything you type on your Android phone, including passwords.
10 ways to protect yourself from Android banking Trojans
Trojans can be hard to detect and dangerous once they get on your phone, but there are things you can do to protect your data.
1) Beware of phishing scams: Be wary of emails, phone calls, and messages from unknown sources asking for personal information. Don’t click on suspicious links or provide sensitive information unless you can verify the legitimacy of the request.
2) Deploy powerful antivirus software: Android has a built-in anti-malware feature called Play Protect, but it can’t stop all malicious software. To date, Play Protect has not been 100% reliable in removing all known malware from Android phones. The best way to protect yourself from clicking on malicious links that install malware that could access your personal information is to install antivirus protection on all your devices. This will also help protect you against phishing emails and ransomware scams. We’ve handpicked the winners of the best antivirus protection of 2024 for Windows, Mac, Android and iOS devices.
3) Download apps from trusted sources: It is important to only download apps from trusted sources such as Google Play Store, which have rigorous checks in place to prevent malware and other harmful software. Avoid downloading apps from unknown websites or unofficial stores as they may pose a high risk to your personal data and device.
4) Use identity theft protection services: Identity theft companies monitor personal information like social security numbers, phone numbers, and email addresses to alert you if it’s being sold on the dark web or used to open accounts, and they can also help freeze bank and credit card accounts to prevent further fraud by criminals. Check out these tips and best choices for protecting yourself against identity theft.
5) Monitor your account: If you think you may have been affected by a banking Trojan, regularly review your bank statements, credit card statements, and other financial accounts for fraudulent transactions. If you notice any suspicious transactions, report them to your bank or credit card company immediately.
6) Enable SMS notifications for your bank account: Enabling SMS notifications allows you to monitor your account for fraudulent transactions.
7) Set up two-factor authentication (2FA): 2FA is an extra shield to prevent hackers from accessing your account.
8) Use a password manager: A password manager helps you create and store strong, unique passwords for all your accounts, reducing the risk of password theft.
9) Regularly update your device’s operating system and apps: Keeping your software up to date is very important because updates often contain security patches for newly discovered vulnerabilities that can be exploited by Trojans.
10) Be careful when granting permissions: Carefully review the permissions an app requests. If an app requests more access than it needs to function, that could be a red flag.
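Tip 10 and the Accessibility abuse described above can be checked together from a computer with adb. The following Python example is added here and is not part of the original article: it parses the output of two Android shell commands (settings get secure enabled_accessibility_services and pm list packages -i) and lists apps that hold an enabled accessibility service but were not installed by the Play Store. The sample output and package names are constructed, and the trusted-installer list is an assumption.

```python
import re

# Installers treated as trusted app stores (assumption; adjust to your policy).
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_enabled_services(setting_value):
    """Parse colon-separated 'package/service' components into {package: [services]}."""
    services = {}
    value = setting_value.strip()
    if value in ("", "null"):  # nothing enabled
        return services
    for component in value.split(":"):
        package, _, service = component.partition("/")
        if package:
            services.setdefault(package, []).append(service)
    return services

def parse_installers(pm_output):
    """Parse `pm list packages -i` lines into {package: installer or None}."""
    installers = {}
    for line in pm_output.splitlines():
        match = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if match:
            installer = match.group(2)
            installers[match.group(1)] = None if installer == "null" else installer
    return installers

def flag_sideloaded_accessibility(setting_value, pm_output):
    """Return (package, installer, services) for services not from a trusted store."""
    installers = parse_installers(pm_output)
    findings = []
    for package, services in parse_enabled_services(setting_value).items():
        installer = installers.get(package)
        if installer not in TRUSTED_INSTALLERS:
            findings.append((package, installer, services))
    return sorted(findings, key=lambda f: f[0])

# Constructed sample output; package names are made up for illustration.
SAMPLE_SETTING = ("com.example.screenreader/.ReaderService:"
                  "com.example.fakeupdate/com.example.fakeupdate.UpdateService\n")
SAMPLE_PM = """package:com.example.screenreader  installer=com.android.vending
package:com.example.fakeupdate  installer=null
package:com.example.bank  installer=com.android.vending
"""

if __name__ == "__main__":
    for package, installer, services in flag_sideloaded_accessibility(SAMPLE_SETTING, SAMPLE_PM):
        print(f"REVIEW {package} installer={installer} services={services}")
```

Apps that shipped with the phone can also report no installer, so treat each finding as something to review rather than as proof of infection.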
Kurt’s key takeaways
Staying one step ahead of cybercriminals is a constant challenge. The emergence of the Antidot Trojan is a stark reminder that we need to be as innovative as the threats we face. It is important not only to protect our devices, but also to protect our digital existence. Let us not forget that the power to prevent such intrusions is primarily in our hands. By adopting the protective measures outlined here, from scrutinizing the permissions of all apps to employing strong security solutions, we can strengthen our digital fortress. Don’t let yourself be easily fooled by scammers.
In what ways do you think technology companies can improve their security measures to better protect users from malware like Antidot? Let us know at Cyberguy.com/Contact Us.
Copyright 2024 CyberGuy.com. All Rights Reserved.