It’s good mobile security practice to keep your devices regularly updated, but a new piece of Android malware shows that following the wrong update prompt could in fact lead to disaster. That’s because hackers have launched a devious new trojan that masquerades as an official Google Play update.
First discovered by cybersecurity company Cyble (via Tom’s Guide), the malware has the power to completely take over your phone. Dubbed Antidot, it can harvest your text messages, log which keys you press, and control things like your camera and screen lock. That means it’s an incredibly powerful weapon in the wrong hands, with the ability to track your passwords and banking logins and thereby gain access to a tremendous trove of personal data.
It’s thought that you’ll first encounter Antidot through phishing messages that claim to be from Google and tell you to update Google Play. If you follow the link in the message, you’re led to a convincing-looking website that offers up a malicious download package, which in turn installs Antidot. As you might have realized, this means the download needs to be sideloaded rather than coming from the legitimate Google Play Store itself, which should immediately ring alarm bells.
Cyble’s researchers noticed that Antidot can display pages in several different languages, suggesting that it can quickly be tailored for victims in different regions. That implies a level of sophistication beyond that possessed by simple amateur hackers.
How to stay safe
This hacking campaign serves to highlight the risks of installing anything from a suspicious location. The Google Play app can be updated from within the app itself, so Google would never recommend you install an update from a web page or other location – even if the page is carefully designed to look like the company’s official website.
For simplicity, you can enable automatic app updates on Android by opening the Google Play Store app, tapping your profile icon in the top-right corner, then selecting Settings > Network preferences > Auto-update apps. Then choose whether to update over Wi-Fi or over any network. This should ensure everything is kept up to date, rendering suspicious update texts and emails completely moot.
It would also be a good idea to install one of the best Android antivirus apps on your device. It only takes one slip-up for a bad actor to trick you, but an antivirus app can act as another line of defense to stop malware in its tracks. There’s also Google Play Protect, which scans apps downloaded from outside the Play Store.
Throw in a healthy dose of common sense and you should be able to steer clear of trojans like Antidot and keep your Android device safe from harm.