Technology
Android banking trojan masquerades as Google Play to steal your data
Criminals constantly develop new ways to scam people, and their latest tactic involves infecting Android phones with malware to access banking information and other details. Researchers at the cybersecurity firm Cyble have discovered a new malware, dubbed Antidot, which masquerades as a Google Play update application. It displays fake Google Play update pages in multiple languages and captures sensitive information.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
A man looking at his Android phone (Kurt “CyberGuy” Knutsson)
How does this malware enter your Android?
As detailed by Cyble, Antidote is a Trojan – malware that misleads users of its true intent by disguising itself as a standard program. In this case, it impersonates the Google Play Store (the default app market for downloading and updating apps on Android phones) and captures your important data.
Antidot enters your Android phone by tricking you into sideloading it as an APK (Android Package Kit). APK is the file format that Android uses to distribute and install applications. When you sideload an app, you’re manually installing an APK file on your Android device, which is not obtained through the Google Play Store. You won’t find it on the Play Store because Google makes sure to keep most of the malicious apps off its platform. However, you may come across it on third-party app stores or other less legitimate sources.
The malware can also enter your phone through phishing emails and text messages. For example, you might receive an email claiming you’ve won something (a lottery, a phone, etc.). You open the email and click on the link, and either nothing happens or you are taken to a dummy site. However, malware has been downloaded and installed on your phone.
A man on his Android phone (Kurt “CyberGuy” Knutsson)
VOICE CLONING IS THE NEW WEAPON IN SCAMMERS’ ARSENAL FOR FAMILY EMERGENCY SCHEMES
How does the Antidot trojan work?
Once the malware is installed on your Android phone, it displays a fake update page featuring a “Continue” button that takes you to the Accessibility settings. Antidot relies on the Accessibility services to carry out its malicious activities as they allow it to gain complete control over your phone.
Fake Google Play update page (Cyble) (Kurt “CyberGuy” Knutsson)
The trojan displays fake update pages in various languages, including German, French, Spanish, Russian, Portuguese, Romanian and English, indicating that it is targeting Android users in these language-speaking regions.
Fake Google Play update pages in different languages (Cyble) (Kurt “CyberGuy” Knutsson)
SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES
After gaining access to your phone’s accessibility settings, it can access whatever information it wants, whether it’s collecting contacts and text messages, harvesting credentials, locking and unlocking the device, or forwarding calls.
To steal passwords and other credentials, Antidot uses a sneaky trick called an overlay attack. When you open your bank app on your phone, the malware loads a fake website that looks exactly like the real bank app and covers it up. When you type in your login details, the hackers capture them, and they can then steal your money, commit fraud or even steal your identity with enough information.
If the malware doesn’t have a fake website for an app, it uses another trick called “keylogging,” which captures everything you type on your Android smartphone, including your passwords.
A hacker working off of various computer screens (Kurt “CyberGuy” Knutsson)
‘UNSUBSCRIBE’ EMAIL SCAM IS TARGETING AMERICANS
10 ways you can protect yourself from the Android banking trojan
While a trojan is hard to detect and can be dangerous once it enters your phone, there are several things you can do to protect your data.
1) Be cautious of phishing attempts: Be vigilant about emails, phone calls or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request.
2) Have strong antivirus software: Android has its own built-in malware protection called Play Protect, but it’s not enough to stop all malicious software. Historically, Play Protect hasn’t been 100% foolproof at removing all known malware from Android phones. The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.
3) Download apps from reliable sources: It’s important to download apps only from trusted sources like the Google Play Store. They have strict checks to prevent malware and other harmful software. Avoid downloading apps from unknown websites or unofficial stores, as they can pose a higher risk to your personal data and device.
4) Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security Number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.
5) Monitor your accounts: If you think you have been affected by the banking trojan, regularly review your bank statements, credit card statements and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company.
6) Enable SMS notifications for your bank accounts: By enabling SMS notifications, you can monitor your accounts for any unauthorized transactions.
7) Set up two-factor authentication (2FA): 2FA is an extra shield that prevents hackers from accessing your accounts.
8) Use a password manager: A password manager can help you create and store strong, unique passwords for all your accounts, reducing the risk of password theft.
9) Regularly update your device’s operating system and apps: Keeping your software up to date is crucial as updates often include security patches for newly discovered vulnerabilities that could be exploited by trojans.
10) Be wary of granting permissions: Carefully review the permissions requested by apps. If an app asks for more access than it needs for its functionality, it could be a red flag.
ANDROID USERS AT RISK AS BANKING TROJAN TARGETS MORE APPS
Kurt’s key takeaways
Staying one step ahead of cybercriminals is a constant challenge. The emergence of the Antidot trojan is a stark reminder that our vigilance must be as innovative as the threats we face. It’s not just about safeguarding our devices; it’s about protecting our digital existence. Remember, the power to prevent such intrusions largely rests in our hands. By adopting the protective measures outlined, from scrutinizing every app’s permissions to embracing robust security solutions, we can fortify our digital fortresses. Let’s not make it easy for the scammers.
In what ways do you think technology companies could improve their security measures to better protect users from malware like Antidot? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
When Oregon resident Isabelle Reksopuro heard Google was gobbling up public land to fuel its data centers in her home state, she didn’t initially know what to believe. “There’s a lot of misinformation about data centers,” she said. “Google has denied taking that land.”
Technically, she explains, The Dalles, a city near the Washington state border, sought to reclaim that land, “and Google is just a big, unnamed power user.” The city had in fact asked for ownership of a 150-acre portion of Mount Hood National Forest, claiming it needs access to Mount Hood’s watershed to meet municipal needs as its population — 16,010 as of the 2020 census — grows. But critics, including environmentalists, say the city is trying to secure more water for Google, which has a sprawling data center campus in The Dalles that already consumes about one-third of the city’s water supply.
This controversy made Reksopuro curious about the backlash to data centers being built in other communities. So Reksopuro, a student at the University of Washington who studies the connections between tech and public policy, decided to map it out. Using information collected by Epoch AI and data scraped from legislation on data centers, she built an interactive map tracking AI policy around the world. She designed it to be simple enough for anyone to use. “I wanted it to be something that my younger sisters could play through and explore to understand what are the data centers in the area and what’s actually being done about it,” Reksopuro said. She hoped to shift their opinions that way, “instead of like, through TikTok.”
Four times a day, the map searches for new sources and checks them against the existing database Reksopuro built out. “Once it does that, it will write a new summary, add it to the news feed, and populate it on the sidebar,” she said. “I wanted it to be self-updating, since I’m also a student.”
Reksopuro isn’t against data centers, but she thinks tech giants benefit from a lack of transparency around data center policies. “Right now, it’s this really opaque thing — and all of a sudden, there’s a facility,” she said. “I think that if people knew about data centers beforehand, it would give them leverage. They would be able to negotiate: ask for job training programs, tax revenue, environmental monitoring, things to improve their community.”
UCF commencement speaker Gloria Caulfield (University of Central Florida via Storyful)
NEWYou can now listen to Fox News articles!
Welcome to Fox News’ Artificial Intelligence newsletter with the latest AI technology advancements.
IN TODAY’S NEWSLETTER:
– UCF graduates clobber commencement speaker with boos after she says AI is the ‘next Industrial Revolution’
– OPINION: DIRECTOR KASH PATEL: We brought the FBI out of the past and into the AI age
– OpenAI backs creation of global AI governance body led by the U.S. that would include China as a member
TOUGH CROWD: During a recent commencement ceremony at the University of Central Florida, a speaker was met with loud boos from the graduating class after declaring that artificial intelligence represents the next industrial revolution. Fox News Digital reporting captures this tense cultural moment, illustrating the mixed public sentiment and skepticism surrounding AI’s growing footprint in daily life.
A statue on the campus of the University of Central Florida in Orlando, Florida. (iStock)
BADGE MEETS BYTE: Reflecting on the modernization of national security in a Fox News op-ed, FBI Director Kash Patel explores how the bureau must adapt its strategies to address modern threats and advance beyond the artificial intelligence age.
TECH DIPLOMACY: OpenAI is throwing its support behind the establishment of a new global artificial intelligence governance organization that would be led by the United States while notably including China as a member. Fox News Digital reporting examines the geopolitical dynamics and regulatory implications of this proposed framework as global powers race to set the standards for AI development.
EQUITY ELEVATION: The massive wave of wealth generated by the explosive growth of ChatGPT and the broader AI industry is driving a sudden surge in the San Francisco Bay Area’s luxury real estate market. Fox News Digital reporting breaks down how the influx of new tech capital is reshaping local housing dynamics and fueling a high-end property frenzy.
FBI Director Kash Patel listened as Acting Attorney General Todd Blanche spoke during a press conference at the Department of Justice on April 28, 2026, in Washington, D.C. (Tasos Katopodis/Getty Images)
STRATEGY RESET: Tech giant Cisco is planning to eliminate thousands of jobs as the company shifts its primary focus to accelerate its artificial intelligence initiatives, a move that comes despite the company beating earnings expectations. Fox News Digital reporting details the corporate restructuring and broader economic trends pushing legacy tech firms to aggressively pivot toward AI.
ROAD HAZARD: Waymo is issuing a sweeping recall of its autonomous vehicle fleet following a concerning incident that highlighted significant safety issues with the self-driving technology. Fox News Digital reporting outlines the specifics of the recall, the nature of the safety flaw, and what this setback means for the future of fully autonomous transportation on public roads.
BOTS IN THE BAY: A newly developed, artificial intelligence-powered robot has been engineered to seamlessly change and balance vehicle tires without human intervention. Fox News Digital reporting showcases this latest innovation, exploring how automation and AI mechanics could soon revolutionize the automotive service and repair industry.
OpenAI CEO Sam Altman speaks during the 2026 Infrastructure Summit in Washington, D.C., on March 11, 2026. (Kylie Cooper/Reuters)
FOLLOW FOX NEWS ON SOCIAL MEDIA
YouTube
SIGN UP FOR OUR OTHER NEWSLETTERS
Fox News First
Fox News Opinion
Fox News Lifestyle
Fox News Health
DOWNLOAD OUR APPS
Fox News
FOX Business
Fox Weather
Fox Sports
Tubi
WATCH FOX NEWS ONLINE
Fox News Go
STREAM FOX NATION
Fox Nation
Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future with Fox News here.
Microsoft Edge is adding a new feature that will allow its Copilot AI chatbot to gather information from all of your open tabs. When you start a conversation with Copilot, you can ask the chatbot questions about what’s in your tabs, compare the products you’re looking at, summarize your open articles, and more.
In its announcement, Microsoft says you can “select which experiences you want or leave off the ones you don’t.” The company is retiring Copilot Mode as well, which could similarly draw information from your tabs but offered some agentic features, like the ability to book a reservation on your behalf. Microsoft has since folded these agentic capabilities into its “Browse with Copilot” tool.
Several other AI features are coming to Edge, including an AI-powered “Study and Learn” mode that can turn the article you’re looking at into a study session or interactive quiz. There’s a new tool that turns your tabs into AI-powered podcasts as well, similar to what you’d find on NotebookLM, and an AI writing assistant that will pop up when you start entering text on a webpage.
You can also give Copilot permission to access your browsing history to provide more “relevant, high-quality answers,” according to Microsoft. Copilot in Edge on desktop and mobile will come with “long-term memory” as well, which can tailor its responses based on your previous conversations. And, when you open up a new tab, you’ll see a redesigned page that combines chat, search, and web navigation, along with the Journeys feature, which uses AI to organize your browsing history into categories that you can revisit.
Meanwhile, an update to Edge’s mobile app will allow you to share your screen with Copilot and talk through the questions about what you’re seeing. Microsoft says you’ll see “clear visual cues” when Copilot is active, “so you know when it’s taking an action, helping, listening, or viewing.”
-
News11 minutes agoThe Girls: “This isn’t ringing alarms to y’all?” : Embedded
-
New York2 hours agoMystery Grows Around Representative Thomas Kean Jr.’s Absence
-
Los Angeles, Ca2 hours agoMillions of dollars worth of counterfeit luxury goods found in downtown L.A. bust
-
Detroit, MI2 hours ago3 things to love about Lions 2026 schedule
-
San Francisco, CA2 hours agoTrump derangement syndrome: San Francisco can’t let baseball be baseball
-
Dallas, TX2 hours ago2026 Dallas Cowboys schedule officially announced
-
Miami, FL3 hours agoTua Tagovailoa will return to Miami for preseason contest against Dolphins
-
Boston, MA3 hours agoWeekend Happenings: Panda Fest and more