Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique campaigns.

“Operated by the financially motivated threat actor LARVA-398, AntiDot is actively sold as a Malware-as-a-Service (MaaS) on underground forums and has been linked to a wide range of mobile campaigns,” PRODAFT said in a report shared with The Hacker News.

AntiDot is advertised as a “three-in-one” solution with capabilities to record the device screen by abusing Android’s accessibility services, intercept SMS messages, and extract sensitive data from third-party applications.