Olde Hornet
Well-Known Member
Impersonating Google Play
Google Play is one of the most important apps on your Android phone, as it’s where you download new apps from as well as updates for your existing apps. It’s the kind of app you definitely want to keep up to date, which is why the hackers behind this campaign have decided to impersonate it.Like with other malware campaigns, this one uses phishing messages to trick users into installing it. Unsuspecting users may receive an email — or more likely a text message — that appears to come from Google telling them they need to update Google Play. The message also contains a malicious link that leads them to the malware itself which needs to be sideloaded as an APK file.
What’s particularly interesting about this campaign is that the fake Google Play update pages it uses have been crafted in several different languages including English, German, French, Spanish, Russian, Portuguese and Romanian. This lets the hackers behind the Antidot banking trojan target a wide range of Android users from multiple countries at the same time without having to tweak the campaign itself for each country.