Data shows deceitful Android malware is on the rise: Take this one step to keep your phone safe

 Android banking trojan.

Updated 5/29/24 at 6:11 p.m. ET with comment from Google representative.

This month, a banking trojan claiming to be an official Google Play Store update wrought havoc on Android users.

The Antidot Android Banking Trojan discovered by Cyble uses VNC (virtual network computing), keylogging, and overlay techniques to steal sensitive information and login credentials from unsuspecting Android owners.

The problem could have been avoided, though. But first, let's get into what happened when the deceptive malware collected bank information from Android users.

How does Antidot work?

Google Play Store app icon up close on phone display

As the Cyble report explains, the Antidot software relies on an accessibility feature to operate and then establishes a connection with its command-and-control server. That server registers the device and identifies target applications. Using an overlay injection, the Antidot software sends a message claiming to be from Google that tells users to update the Google Play Store.

The Antidot software then logs keystrokes and transmits that information to the control server, allowing the trojan to steal sensitive information and login credentials. The software can also access text messages and control the camera and screen lock.

Because the Antidot download is prompted from a false popup message, the Antidot software is sideloaded rather than downloaded directly from the Play Store. This should indicate that the software isn't a legitimate Play Store update.

Other malicious applications are out there

While the Antidot Android Banking Trojan is sideloaded, it may not be the only malicious application targeting Android phones.

According to a new report by Zscaler ThreatLabz, "over 90 malicious applications (have been) uploaded to the Google Play store. These malware-infected applications have collectively garnered over 5.5 million installs."

So Android malware applications are potentially on the rise.

How to stop trojan applications

Google Play Protect

There is a way to protect yourself from malicious applications like the Antidot Android Banking Trojan.

A spokesperson for Google tells Dark Reading that Google Play Protect can protect against this kind of malware. "Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play."

We reached out to Google for comment and a representative got back to us with the following statement regarding Google Play Protect:

This suggests that Zscaler's 5.5 million installations figure may not be an accurate account, but Google would not confirm or deny that specific figure.

If you're worried you may have downloaded the Antidot Android Banking Trojan or a similarly malicious application, note that Google Play Protect rolled out a virus scan function in October. Play Protect's scans will protect against malware pushed to the Google Play Store or sideloaded as an APK like the Antidot trojan.