Zimperium Blog

PhantomCall Malware Disguised as Fake Chrome Apps Orchestrates Global Banking Fraud

Written by Zimperium | Sep 25, 2025

A recent analysis uncovered PhantomCall, a variant of the Antidot malware that uses fake Chrome dropper apps to deceive Android users across Europe, North America, the Middle East, and Asia into granting the apps high-risk permissions under false pretenses. Once installed, the malware abuses Android’s accessibility and call-screening services, sends USSD codes, and blocks legitimate calls, silently hijacking communication channels to facilitate financial theft. Because the dropper mimics legitimate update prompts and leverages bypasses for built-in Android restrictions, it illustrates how threat actors are adapting to stronger platform defenses by relying on social engineering and trust hijacking.
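The combination described above can be checked for during app triage. The following is an added example, not code from the Zimperium report: a heuristic over a decoded `AndroidManifest.xml` that flags a Chrome-labelled app from a different package that also binds accessibility and call-screening services and can place calls. The sample manifests, the `triage` function and the finding names are constructed for illustration, and the check assumes the label has already been resolved to a literal string.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
GENUINE_CHROME = "com.android.chrome"  # package name of stable Chrome

# Constructed sample: decoded manifest of a hypothetical fake "Chrome" app.
SUSPECT_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.updater">
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application android:label="Chrome">
    <service android:name=".A11y"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".Screen"
        android:permission="android.permission.BIND_SCREENING_SERVICE"/>
  </application>
</manifest>"""

# Constructed sample: same label, genuine package name, no risky components.
BENIGN_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.android.chrome">
  <application android:label="Chrome"/>
</manifest>"""


def triage(manifest_xml):
    """Return the list of risk indicators found in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    label = app.get(ANDROID + "label", "") if app is not None else ""
    # Permissions the app requests for itself.
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # Permissions guarding declared services reveal which system
    # services (accessibility, call screening) the app implements.
    bound = {e.get(ANDROID + "permission") for e in root.iter("service")}

    findings = []
    if "chrome" in label.lower() and package != GENUINE_CHROME:
        findings.append("chrome-label-mismatch")
    if "android.permission.BIND_ACCESSIBILITY_SERVICE" in bound:
        findings.append("accessibility-service")
    if "android.permission.BIND_SCREENING_SERVICE" in bound:
        findings.append("call-screening-service")
    if "android.permission.CALL_PHONE" in requested:
        findings.append("can-place-calls-or-ussd")
    return findings
```

Any single finding is common in legitimate apps; the value is in the combination, so treat a manifest that returns all four as a candidate for deeper analysis, not as a verdict.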

Read the full report here.