A new Android banking Trojan, Antidot, emerged in May 2024, which steals credentials through overlay attacks and has various functionalities for complete device control.

Antidot uses VNC, keylogging, screen recording, and call forwarding to capture sensitive information.

It can also collect contacts and SMS messages, initiate USSD requests, and lock/unlock the device. The malware utilizes custom encryption and obfuscation techniques to hinder analysis.

The Antidot Android Banking Trojan is disguised as a Google Play update app and delivers a fake Google Play update page during installation, which has been seen in multiple languages.

Precautions to be taken against this type of attack methods;

• Make sure that the applications and operating system on your phone are up to date,

• Check what access you allow for third-party connections to your device,

• Create easy-to-remember but strong passwords for yourself,

• Do not share your personal information with anyone on the internet or over the phone.