Zimperium Labs Uncovers New Applite Variant Targeting Android Users

Zimperium zLabs recently discovered a new variant of the mobile banking Trojan Antidot, dubbed Applite Banker, that is being distributed to Android devices. The attack aims to steal sensitive data from bank accounts, cryptocurrency wallets, and applications containing confidential information.

Zimperium's investigation revealed a network of sites distributing the updated version of the banking Trojan Antidot, known as Applite Banker. This new version emerged after the previous one was discovered in May 2024. Hackers employed social engineering tactics, posing as recruiters offering job opportunities to users. Once users downloaded the application to proceed with the alleged “employment,” malicious software was installed on their devices.

Disguised as popular applications like Chrome and TikTok, Applite Banker can not only access personal data but also potentially compromise corporate data if the device is used for remote work.

The hackers behind the Trojan use various methods to deceive their victims. One common tactic involves sending fake job offer emails that closely mimic legitimate correspondence and contain links to sites replicating pages of well-known companies. Users are prompted to download a fake CRM application from these sites, unknowingly installing malicious software.

Applite Banker employs sophisticated techniques to evade detection by antivirus programs. The Trojan modifies ZIP archives and Android files to impede analysis, making the threat harder to detect. Once installed, the Trojan requests specific permissions on the device that allow it to display fake windows, conceal messages, and obtain additional rights.

The Trojan operates through Command and Control (C2) servers, which allows infected devices to be managed remotely, controlled via virtual desktop technology (VNC), and have their screens unlocked automatically. It targets 95 banking, 62 cryptocurrency, and 13 financial applications and is designed for users who speak English, Spanish, French, German, Italian, Portuguese, and Russian.

Zimperium offers real-time threat detection technologies to safeguard against such attacks. Its solutions identify and block malicious sites, preventing data breaches and financial losses for users.
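The ZIP archive modification mentioned above can be checked for from the defender's side. The following is an added example, not code from Zimperium or from this article: it compares each entry's central directory record with its local file header and flags values an APK should not carry. The article does not say which fields Applite Banker alters, so the checks cover commonly documented forms of ZIP tampering as an assumption, and `audit_apk_zip` and `constructed_sample` are hypothetical names.

```python
import io
import struct
import zipfile

def audit_apk_zip(data: bytes) -> list:
    """Return structural anomalies in an APK's ZIP container (empty list = none found)."""
    eocd = data.rfind(b"PK\x05\x06")  # end-of-central-directory record
    if eocd < 0:
        return ["no end-of-central-directory record"]
    findings = []
    try:
        total, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
        for _ in range(total):
            if data[pos:pos + 4] != b"PK\x01\x02":
                findings.append(f"bad central directory signature at offset {pos}")
                break
            c_flags, c_method = struct.unpack_from("<HH", data, pos + 8)
            n_len, e_len, c_len = struct.unpack_from("<HHH", data, pos + 28)
            (lh,) = struct.unpack_from("<I", data, pos + 42)
            name = data[pos + 46:pos + 46 + n_len]
            label = name.decode("utf-8", "replace")
            # Legitimate APK entries are stored (0) or deflated (8) and never encrypted.
            if c_flags & 0x1:
                findings.append(f"{label}: entry marked encrypted")
            if c_method not in (0, 8):
                findings.append(f"{label}: unsupported compression method {c_method}")
            # Tools that trust different headers disagree when the two records differ.
            if data[lh:lh + 4] != b"PK\x03\x04":
                findings.append(f"{label}: no local header at offset {lh}")
            else:
                l_flags, l_method = struct.unpack_from("<HH", data, lh + 6)
                (l_nlen,) = struct.unpack_from("<H", data, lh + 26)
                if (l_flags, l_method, data[lh + 30:lh + 30 + l_nlen]) != (c_flags, c_method, name):
                    findings.append(f"{label}: local header and central directory differ")
            pos += 46 + n_len + e_len + c_len
    except struct.error:
        findings.append("truncated ZIP structure")
    return findings

def constructed_sample() -> bytes:
    """Constructed, benign two-entry archive standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_apk_zip(constructed_sample()) or "no anomalies found")
```

A non-empty result is a reason to route the file to manual analysis, not proof of malice on its own.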