You might want to avoid updating Google Play when prodded
While it’s generally recommended that you keep your phone and your apps up to date, you must be vigilant about where an update comes from and not fall for a fake update warning, which may be planted by cybercriminals like the ones behind Antidot.
Security researchers at Cyble (via Tom’s Guide) first came across Antidot on May 6. It’s a banking trojan, crafted to gain access to your financial accounts to steal funds.
Once you download the fake “Google Play Update” app, a bogus update page with a “Continue” button is displayed on the screen. The page is shown in German, French, Spanish, Russian, Portuguese, Romanian, or English, depending on where you live.
If you tap on the button, you are taken to the Accessibility settings. Like many other banking trojans, Antidot is dependent on the Accessibility service to perform its intended activities. After permissions are granted, an ID is generated for your device.
The fake Google Play update app forces you to grant accessibility permissions to perform malicious activities.
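One check a defender can run after reading the above, added here and not taken from Cyble’s report or this article: list which apps currently hold accessibility access on a device and flag any that are not expected. The allowlist packages and the sample setting value are constructed assumptions; on a real device the value comes from the `adb` command named in the comment.

```shell
#!/bin/sh
# Added defensive check (not from the article): audit which apps hold the
# Accessibility service access that Antidot-style trojans depend on.
# Feed it the value of the Secure setting "enabled_accessibility_services"
# (on a device with USB debugging enabled:
#   adb shell settings get secure enabled_accessibility_services).
# The value is a colon-separated list of "package/ServiceClass" entries.

# Assumed allowlist: packages you expect to have accessibility access.
ALLOWLIST="com.google.android.marvin.talkback com.android.talkback"

# Prints one line per enabled service, tagged ok or REVIEW.
list_accessibility_services() {
  raw="$1"
  if [ -z "$raw" ] || [ "$raw" = "null" ]; then
    echo "no accessibility services enabled"
    return 0
  fi
  old_ifs="$IFS"; IFS=':'
  set -f                         # no filename globbing of the split entries
  for entry in $raw; do
    pkg="${entry%%/*}"           # package name is the part before the slash
    case " $ALLOWLIST " in
      *" $pkg "*) echo "ok      $entry" ;;
      *)          echo "REVIEW  $entry" ;;
    esac
  done
  set +f; IFS="$old_ifs"
}

# Prints how many enabled services belong to packages not on the allowlist.
count_unlisted_services() {
  list_accessibility_services "$1" | grep -c '^REVIEW' || true
}

# Constructed sample: a legitimate screen reader plus an unknown "update" app.
SAMPLE_SETTING='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.playupdate/.FakeUpdateService'

list_accessibility_services "$SAMPLE_SETTING"
```

Any REVIEW line that you did not knowingly enable is worth inspecting in Settings > Accessibility and uninstalling if it belongs to an app you do not recognise.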
The app also establishes a connection with the Command and Control (C&C) server and maintains a real-time, bidirectional interaction with it to carry out its operations.
It places a fake window on top of legitimate financial apps – which is what we call an overlay attack – to siphon off your credentials. This information can be used to gain access to your bank account or cryptocurrency apps.
It’s also capable of keylogging, screen recording, call forwarding, copying contacts, reading your SMS messages, locking and unlocking your device, and sending USSD requests (quick codes for requesting services like a balance inquiry).
In short, this malware is capable of taking full control of your Android device, and what makes it really dangerous is that it’s good at hiding its presence.
So you might be having coffee on your couch, while this abomination of an app is silently sending your hard-earned money to its masters or reading those texts no one was supposed to read.