Antidot

Description

(Cyble) A new Android Banking Trojan, “Antidot,” masquerading as a Google Play update application, displays fake Google Play update pages in multiple languages, indicating a wide range of targets. Antidot incorporates a range of malicious features, including overlay attacks and keylogging, allowing it to compromise devices and harvest sensitive information. Antidot maintains communication with its Command and Control (C&C) server through WebSocket, enabling real-time, bidirectional interaction for executing commands. The malware executes a wide range of commands received from the C&C server, including collecting SMS messages, initiating USSD requests, and even remotely controlling device features such as the camera and screen lock. Antidot implemented VNC using MediaProjection to remotely control infected devices.

Names

Name
Antidot

Type

Banking trojan

Information

https://cyble.com/blog/new-antidot-android-banking-trojan-masquerading-as-google-play-updates/

Other Information

Uuid

71f41a69-551a-482c-a76d-5010afedc665

Last Card Change

2024-06-18

Threat Intelligence Garden

Explorer

Antidot

Antidot

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks