AppLite Banker: New Android Trojan Stealing Banking & Crypto Data

[Figure: AppLite Banker attack sequence]

Zimperium zLabs researchers have uncovered a new phishing campaign targeting Android devices with malicious software. The attack is designed to steal sensitive data, including banking credentials, cryptocurrency wallets, and information from confidential applications.

The investigation revealed a network of websites distributing an updated version of the banking Trojan known as Antidot. The latest variant, named AppLite Banker, surfaced after the previous version was identified in May 2024. Cybercriminals employed social engineering tactics, posing as recruiters offering job opportunities. Victims were instructed to download an application purportedly for employment purposes, which instead installed malware on their devices.

AppLite Banker, disguised as legitimate apps like Chrome and TikTok, can access not only personal data but also corporate information, particularly if the infected device is used for remote work.

The attackers utilize a variety of deceptive methods to ensnare their victims. The primary approach involves fraudulent job offer emails that appear genuine and contain links to websites mimicking pages of well-known companies. These sites prompt users to download fake CRM applications that deliver the malicious payload.

The Trojan employs techniques to evade static analysis by antivirus and reverse-engineering tools. For instance, it tampers with the ZIP structure of the APK so that common analysis tools cannot unpack or decompile it, while the package still installs on the device. Once installed, the malware asks the user for sensitive permissions, including Accessibility Service access, which let it overlay fake windows on top of other apps, suppress notifications, and grant itself further permissions without user interaction.
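The article does not say exactly how the archives are altered, so the triage check below is an added example, not Zimperium's code and not a reproduction of the malware; it assumes one concrete manipulation (a compression-method field in the ZIP central directory set to a value the analysis tool does not understand, while the local file header is left intact) and flags the inconsistencies such tampering leaves behind. It builds a constructed two-entry "APK" in memory, corrupts it, and shows that Python's zipfile module (standing in for an analyst's tooling) can no longer extract it, while the audit still pinpoints the entry.

```python
import io
import struct
import zipfile

# ZIP record signatures (PKWARE APPNOTE).
CENTRAL_SIG = b"PK\x01\x02"
LOCAL_SIG = b"PK\x03\x04"
EOCD_SIG = b"PK\x05\x06"
KNOWN_METHODS = {0, 8}  # stored, deflate: what Android and common tools expect


def build_sample_apk() -> bytes:
    """Constructed sample: a tiny APK-like ZIP with the entries an analyst expects."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest package='example'/>" * 4)
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
    return buf.getvalue()


def iter_central_entries(data: bytes):
    """Walk the central directory by hand (no zipfile), yielding raw header fields."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    total, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    for _ in range(total):
        if data[pos:pos + 4] != CENTRAL_SIG:
            raise ValueError("bad central directory signature at offset %d" % pos)
        flags, method = struct.unpack_from("<HH", data, pos + 8)
        nlen, xlen, clen = struct.unpack_from("<HHH", data, pos + 28)
        local_off = struct.unpack_from("<I", data, pos + 42)[0]
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        yield {"pos": pos, "name": name, "flags": flags, "method": method, "local_offset": local_off}
        pos += 46 + nlen + xlen + clen


def audit(data: bytes) -> list:
    """Return human-readable findings for entries whose headers look tampered with."""
    findings = []
    for e in iter_central_entries(data):
        lo = e["local_offset"]
        if data[lo:lo + 4] != LOCAL_SIG:
            findings.append("%s: local header offset %d does not point at a local file header" % (e["name"], lo))
            continue
        _lflags, lmethod = struct.unpack_from("<HH", data, lo + 6)
        lnlen = struct.unpack_from("<H", data, lo + 26)[0]
        lname = data[lo + 30:lo + 30 + lnlen].decode("utf-8", "replace")
        if e["method"] not in KNOWN_METHODS:
            findings.append("%s: central directory compression method %d is not stored/deflate" % (e["name"], e["method"]))
        if lmethod != e["method"]:
            findings.append("%s: local header method %d != central directory method %d" % (e["name"], lmethod, e["method"]))
        if lname != e["name"]:
            findings.append("%s: local header carries a different name (%r)" % (e["name"], lname))
    return findings


def tamper_central_method(data: bytes, name: str, method: int) -> bytes:
    """Simulated (assumed) manipulation: rewrite one entry's method in the central directory only."""
    buf = bytearray(data)
    for e in iter_central_entries(data):
        if e["name"] == name:
            struct.pack_into("<H", buf, e["pos"] + 10, method)
            return bytes(buf)
    raise KeyError(name)


def tooling_can_extract(data: bytes) -> bool:
    """Stand-in for an analysis tool: can every entry be fully decompressed?"""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                zf.read(info)
        return True
    except (zipfile.BadZipFile, NotImplementedError):
        return False


if __name__ == "__main__":
    clean = build_sample_apk()
    bad = tamper_central_method(clean, "classes.dex", 99)
    print("clean extractable:", tooling_can_extract(clean), "findings:", audit(clean))
    print("tampered extractable:", tooling_can_extract(bad))
    for line in audit(bad):
        print("  -", line)
```

The central directory and the local file headers duplicate several fields; a tool that trusts one and a device that trusts the other will disagree, which is exactly the gap an evasive packer exploits. Comparing both copies field by field, rather than calling the stock unzip library and giving up on the first error, keeps the entry name in front of the analyst so the sample can be repaired by hand and reanalysed.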

To manage infected devices, the attackers rely on command-and-control (C2) servers. Additionally, the Trojan can remotely control devices through VNC-style screen access and can unlock the screen on its own. AppLite Banker targets 95 banking, 62 cryptocurrency, and 13 financial applications. Furthermore, it is tailored for users speaking English, Spanish, French, German, Italian, Portuguese, and Russian.

To counter such threats, Zimperium offers real-time threat detection technologies. These solutions block malicious websites, safeguard devices against data breaches, and mitigate financial losses.
