A new banking Trojan named Antidot has been identified by Cyble Research and Intelligence Labs (CRIL) targeting Android devices, with features that include overlay attacks, keylogging, and obfuscation. The Trojan masquerades as a Google Play update app in various languages and directs users to grant Accessibility permissions, after which it initiates communication with a command-and-control server. The malware, named after a string in its source code, establishes WebSocket communication for real-time exchange between client and server and executes 35 commands, including collecting SMS messages, initiating USSD requests, and controlling device functions like camera and screen lock.

New Android Banking Trojan posing as Google Play update app detected by Cyble Research and Intelligence Labs

Cyble researchers have highlighted the malware's targeted approach to evading detection across multiple language regions. They recommend that users download apps only from official stores, use reputable antivirus software, employ strong passwords and multi-factor authentication, stay cautious with links, and keep devices updated.
https://www.infosecurity-magazine.com/news/android-banking-trojan-google-play/