Laptop
Madeline Ricchiuto

Data shows deceitful Android malware is on the rise: Take this one step to keep your phone safe


Updated 5/29/24 at 6:11 p.m. ET with comment from Google representative.

This month, a banking trojan claiming to be an official Google Play Store update wrought havoc on Android users.

The Antidot Android Banking Trojan discovered by Cyble uses VNC (virtual network computing), keylogging, and overlay techniques to steal sensitive information and login credentials from unsuspecting Android owners.

The problem could have been avoided, though. But first, let's get into what happened when the deceptive malware collected bank information from Android users.

How does Antidot work?


As the Cyble report explains, the Antidot software operates through an accessibility feature and then establishes a connection with its command-and-control server. That server registers the device and identifies target applications. Using an overlay injection, the Antidot software sends a message claiming to be from Google that tells users to update the Google Play Store.

The Antidot software then logs keystrokes and transmits that information to the control server, allowing the trojan to steal sensitive information and login credentials. The software can also access text messages and control the camera and screen lock.

Because the Antidot download is prompted from a false popup message, the Antidot software is sideloaded rather than downloaded directly from the Play Store. This should indicate that the software isn't a legitimate Play Store update.
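The two signals described above, an app that did not come from the Play Store and that also holds an accessibility feature, can be checked from a computer with adb. The following is an added example, not code from the article or from Cyble's report: it parses the output of `adb shell pm list packages -i -3` and `adb shell settings get secure enabled_accessibility_services`. The sample outputs and package names are constructed, and it assumes the "accessibility feature" appears as an enabled accessibility service.

```python
import re

PLAY_STORE = "com.android.vending"  # installer name recorded for Play Store installs

# Constructed sample of `adb shell pm list packages -i -3` (third-party apps).
SAMPLE_PACKAGES = """\
package:com.example.bank  installer=com.android.vending
package:com.example.notes  installer=com.android.vending
package:com.example.update  installer=com.google.android.packageinstaller
package:com.example.game  installer=null
"""
# Constructed sample of
# `adb shell settings get secure enabled_accessibility_services`.
SAMPLE_A11Y = ("com.example.update/.UpdateService:"
               "com.example.notes/com.example.notes.ReaderService")

def parse_installers(text):
    """Map package name -> installer package (None when reported as null)."""
    installers = {}
    for line in text.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def parse_accessibility(value):
    """Packages that own an enabled accessibility service ('null' means none)."""
    value = value.strip()
    if value in ("", "null"):
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def audit(packages_text, a11y_value):
    """List (package, installer, has_accessibility) for apps not installed by
    the Play Store, with accessibility-enabled ones first."""
    a11y = parse_accessibility(a11y_value)
    rows = [(pkg, inst, pkg in a11y)
            for pkg, inst in parse_installers(packages_text).items()
            if inst != PLAY_STORE]
    return sorted(rows, key=lambda r: (not r[2], r[0]))

if __name__ == "__main__":
    for pkg, inst, has_a11y in audit(SAMPLE_PACKAGES, SAMPLE_A11Y):
        level = "REVIEW" if has_a11y else "info"
        print(f"[{level}] {pkg} installer={inst or 'unknown'} accessibility={has_a11y}")
```

A sideloaded app with an enabled accessibility service is not proof of infection, since legitimate tools also use accessibility, but it is the combination worth reviewing first.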

Other malicious applications are out there

While the Antidot Android Banking Trojan is sideloaded, it may not be the only malicious application targeting Android phones.

According to a new report by Zscaler ThreatLabz, "over 90 malicious applications [have been] uploaded to the Google Play store. These malware-infected applications have collectively garnered over 5.5 million installs."

So Android malware applications are potentially on the rise.

How to stop trojan applications


There is a way to protect yourself from malicious applications like the Antidot Android Banking Trojan.

A spokesperson for Google tells Dark Reading that Google Play Protect can protect against this kind of malware. "Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play."

We reached out to Google for comment and a representative got back to us with the following statement regarding Google Play Protect:

This suggests that Zscaler's 5.5 million installations figure may not be an accurate account, but Google would not confirm or deny that specific figure.

If you're worried you may have downloaded the Antidot Android Banking Trojan or a similarly malicious application, you can use the virus scan function that Google Play Protect rolled out in October. Play Protect's scans will protect against malware pushed to the Google Play store or sideloaded as an APK, like the Antidot trojan.
