
Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices across 273 unique campaigns. "Operated by the financially motivated threat actor LARVA-398, AntiDot is actively sold as a Malware-as-a-Service (MaaS) on underground forums and has been linked to a wide range of mobile campaigns," PRODAFT said in a report shared with The Hacker News.

AntiDot is advertised as a "three-in-one" solution with capabilities to record the device screen by abusing Android's accessibility services, intercept SMS messages, and extract sensitive data from third-party applications. (On Android, screen capture itself goes through the MediaProjection API; what the accessibility service supplies is visibility into, and control over, the UI of other apps, which is what makes overlays and keylogging possible.)

The Android botnet is suspected to be delivered via malicious advertising networks or through highly tailored phishing campaigns, a conclusion drawn from activity that indicates selective targeting of victims by language and geographic location.

AntiDot was first publicly documented in May 2024, when it was spotted being distributed disguised as Google Play updates to accomplish its information theft objectives. Like other Android trojans, it features a wide range of capabilities to conduct overlay attacks, log keystrokes, and remotely control infected devices, using Android's MediaProjection API for the screen stream the operator views. It also opens a WebSocket channel for real-time, bi-directional communication between the infected device and an external server, its command-and-control. In December 2024, Zimperium revealed details of a mobile phishing campaign that distributed an updated version of…
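The capability set described above (an accessibility service, SMS interception, overlay permission and MediaProjection screen capture) is rare in legitimate apps and makes a useful triage signal when sorting a batch of APKs. The following is an added example, not code from PRODAFT or The Hacker News, of a manifest-based heuristic for that profile. It assumes the APK's AndroidManifest.xml has already been decoded to plain XML (for instance with apktool); the two sample manifests are constructed for the example, and the package names in them are made up.

```python
# Added example (not code from PRODAFT or The Hacker News): a manifest-triage
# heuristic for the capability profile the article attributes to AntiDot.
# Assumes the APK's AndroidManifest.xml has already been decoded to plain XML
# (for instance with apktool); the sample manifests below are constructed.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def android_attr(name: str) -> str:
    """ElementTree spells android:name as {namespace}name."""
    return f"{{{ANDROID_NS}}}{name}"


# Permission indicators for each behaviour named in the article.  The
# MediaProjection entry only surfaces in manifests of apps targeting API 34+;
# apps targeting older levels request projection at runtime with nothing in
# the manifest, so a missing screen_capture flag is not evidence of absence.
PERMISSION_INDICATORS = {
    "sms_interception": {"android.permission.RECEIVE_SMS",
                         "android.permission.READ_SMS"},
    "overlay": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "screen_capture": {"android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"},
}
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def manifest_capabilities(manifest_xml: str) -> dict:
    """Return which of the article's capability indicators the manifest declares."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(android_attr("name")) for e in root.iter("uses-permission")}
    found = {key: bool(perms & names) for key, names in PERMISSION_INDICATORS.items()}

    # Accessibility abuse: a <service> the system binds with
    # BIND_ACCESSIBILITY_SERVICE (that binding is what grants UI control).
    found["accessibility_service"] = any(
        svc.get(android_attr("permission")) == ACCESSIBILITY_BIND
        for svc in root.iter("service"))

    # SMS interception can also show up as a receiver on SMS_RECEIVED.
    found["sms_interception"] = found["sms_interception"] or any(
        action.get(android_attr("name")) == SMS_RECEIVED_ACTION
        for rcv in root.iter("receiver")
        for action in rcv.iter("action"))

    # API 34+ screen capture: a foreground service typed mediaProjection.
    found["screen_capture"] = found["screen_capture"] or any(
        "mediaProjection" in (svc.get(android_attr("foregroundServiceType")) or "")
        for svc in root.iter("service"))
    return found


def matches_antidot_profile(found: dict) -> bool:
    """The 'three-in-one' combination: accessibility service plus SMS access plus
    either overlay permission or screen capture.  A triage heuristic, not a
    verdict: legitimate accessibility apps exist, but rarely combine all three."""
    return (found["accessibility_service"]
            and found["sms_interception"]
            and (found["overlay"] or found["screen_capture"]))


# Constructed sample: a dropper posing as an update, with the full profile.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeupdate">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".SmsRx" android:exported="true">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: an ordinary app that should not be flagged.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".Main"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        caps = manifest_capabilities(xml)
        print(label, caps, "-> flag" if matches_antidot_profile(caps) else "-> ok")
```

The check deliberately keys on the binding permission of the service rather than on a class name, because class names are trivially renamed between builds while `BIND_ACCESSIBILITY_SERVICE` must be present for the system to bind the service at all. Treat a hit as a reason to pull the sample for dynamic analysis (in particular to look for the WebSocket channel the article describes), not as a detection on its own.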

