New Antidot Android Banking Trojan Masquerading as Fake Google Play Updates

May 20, 2024, 4:05 p.m.

Description

The "Antidot" Android Banking Trojan Masquerades As A Google Play Update App. It Strategically Targets Android Users Across Various Regions And Employs VNC And Overlay Techniques To Harvest Credentials.

External References

https://cyble.com/blog/new-antidot-android-banking-trojan-masquerading-as-google-play-updates/

https://otx.alienvault.com/pulse/664b3aaa22c4f79404275112

Tags

2024-05-20

Date

Created: May 20, 2024, 11:57 a.m.
Published: May 20, 2024, 11:57 a.m.
Modified: May 20, 2024, 4:05 p.m.

Indicators

a6f6e6fb44626f8e609b3ccb6cbf73318baf01d08ef84720706b205f2864b116
9f8a49432e76b9c69d33ea228cc44254bc0a58bfa15eb0c51a302c59db81caa3
7a0664c3a9914531c84d875669f6249b433d09155b1c06ad3654c210a1798ee0
654cfe773e92261a7e2c74f4b16bd36be9286a95840b49139cf18c8d4333345b

213.255.246.209
193.181.23.70
188.241.240.75
46.228.205.159

http://46.228.205.159:5055/
https://wgona.click/
http://213.255.246.209:5055
http://193.181.23.70:5055
http://188.241.240.75:5055

wgona.click

Download all indicators here!

Attack Patterns