New Antidot Android Banking Trojan Masquerading as Fake Google Play Updates

May 20, 2024, 4:05 p.m.

Description

The "Antidot" Android banking trojan masquerades as a Google Play update app. It strategically targets Android users across various regions and employs VNC and overlay techniques to harvest credentials.

Date

Published: May 20, 2024, 11:57 a.m.

Created: May 20, 2024, 11:57 a.m.

Modified: May 20, 2024, 4:05 p.m.

Indicators

Attack Patterns

T1516

T1512

T1429

T1426

T1417

T1513

T1418