More than 3,775 Android devices have been infected with the AntiDot Android malware-as-a-service botnet across 273 attack campaigns, reports The Hacker News.
Malicious emails or advertising networks have been leveraged to deploy an APK file, the execution of which results in the appearance of a fake update bar luring targets into approving accessibility permissions that subsequently leads to AntiDot injection, an analysis from PRODAFT showed. Aside from tracking recently launched apps and utilizing accessibility services for screen content gathering activities, AntiDot, which is managed by LARVA-398, also facilitates phone call monitoring and blocking, as well as real-time notification monitoring. Additional findings revealed AntiDot to be supported by a command-and-control panel allowing real-time communications. "AntiDot represents a scalable and evasive MaaS platform designed for financial gain through persistent control of mobile devices, especially in localized and language-specific regions," said PRODAFT researchers. Such a development comes amid the reemergence of the GodFather Android banking trojan, which was noted by Zimperium researchers to have been significantly improved to enable real-time fraud.
Malicious emails or advertising networks have been leveraged to deploy an APK file, the execution of which results in the appearance of a fake update bar luring targets into approving accessibility permissions that subsequently leads to AntiDot injection, an analysis from PRODAFT showed. Aside from tracking recently launched apps and utilizing accessibility services for screen content gathering activities, AntiDot, which is managed by LARVA-398, also facilitates phone call monitoring and blocking, as well as real-time notification monitoring. Additional findings revealed AntiDot to be supported by a command-and-control panel allowing real-time communications. "AntiDot represents a scalable and evasive MaaS platform designed for financial gain through persistent control of mobile devices, especially in localized and language-specific regions," said PRODAFT researchers. Such a development comes amid the reemergence of the GodFather Android banking trojan, which was noted by Zimperium researchers to have been significantly improved to enable real-time fraud.
