Skip to main content
  1. Home
  2. Phones
  3. Mobile
  4. News

New Android malware disguises itself as a Chrome update

Add as a preferred source on Google

There’s a new info-stealing malware hiding out there in a familiar cloak, waiting to infect your Android device. Zscaler’s security research team, ThreatLabZ, discovered the malware, which hides in the form of an Android Google Chrome update.

The domains used by the infostealer look like file names for Google updates, but each URL is only active for a little while before being replaced. It changes URLs like a spy changes clothing in order to remain undetected by URL filters.

ZScaler provided a list of URLs they’ve caught:

Recommended Videos

http[:]//ldatjgf[.]goog-upps.pw/ygceblqxivuogsjrsvpie555/

  • http[:]//iaohzcd[.]goog-upps.pw/wzbpqujtpfdwzokzcjhga555/
  • http[:]//uwiaoqx[.]marshmallovw.com/
  • http[:]//google-market2016[.]com/
  • http[:]//ysknauo[.]android-update17[.]pw/
  • http[:]//ysknauo[.]android-update16[.]pw/
  • http[:]//android-update15[.]pw/
  • http[:]//zknmvga[.]android-update15[.]pw/
  • http[:]//ixzgoue[.]android-update15[.]pw/
  • http[:]//zknmvga[.]android-update15[.]pw/
  • http[:]//gpxkumv.web-app.tech/xilkghjxmwvnyjsealdfy666/

Director of Security Research at Zscaler, Deepen Desai, told ZDNet, “The malware may arrive from compromised or malicious websites using scareware tactics or social engineering.” An easy way to avoid that trouble is to stay away from questionable websites in the first place, and think twice about clicking “Ok.”

He said, “One common theme we have seen in recent malicious android application packages involves scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection.”

After downloading, the fake update called “Update_chrome.apk” prompts unsuspecting Android users to grant it admin access. If they agree, the malware seeks out and nullifies any already installed security or antivirus apps like Avast, ESET, Dr. Web, and Kaspersky to prevent them from functioning as they should.

Once the security software is crippled, the fake Chrome goes about tracking all texts and calls, sending the info to a command-and-control server. The malware can even hang up on unknown callers. If the Google Play Store is installed, it will show a fake credit card payment page that looks eerily close to the real one. If the user falls for that, the malware will send the CC info to a Russian telephone number.

Since the user can’t revoke its admin access, once the user gives the fake chrome infostealer admin access, the only recourse is to factory reset the device.

Aliya Barnwell
Former Contributor
Aliya Tyus-Barnwell is a writer, cyclist and gamer with an interest in technology. Also a fantasy fan, she's had fiction…
Google’s next Gemini upgrade might not arrive as soon as expected
Even Google's AI needs more time to finish its homework
google-gemini-ai-news-accuracy

Google helped kickstart the modern AI race, but staying ahead has turned out to be far more difficult than joining it. According to a new Bloomberg report, the company has fallen months behind its internal schedule for launching Gemini 3.5 Pro, its next flagship AI model, as engineers continue working to improve one of its biggest weaknesses: coding.

The delay isn't simply about polishing another chatbot. It highlights a broader problem facing Google, where massive engineering teams, multiple product divisions and increasingly strict AI safety requirements are slowing the company's ability to respond to rivals that seem happy to move much faster.

Read more
The iPhone 18 Pro Max camera could open and close like a real lens for better portraits
A leaked factory log just spoiled the iPhone 18 Pro Max’s best camera upgrade
iphone 18 pro

Apple’s next flagship camera may learn how to open and close its eye. A diagnostic log reportedly connected to the iPhone 18 Pro Max contains calibration data for a variable-aperture main camera, according to Notebookcheck.

The internal document was found among files allegedly stolen from Apple supplier Tata Electronics and released by the World Leaks ransomware group. Apple has neither verified the material nor commented on the report. And of course, Apple has neither verified the material nor commented on the report.

Read more
Messi or Ronaldo? Caviar made football’s greatest rivalry an expensive 24-karat choice
Football’s biggest debate just became Android vs iPhone
Samsung Galaxy Z Fold 8 Ultra and iPhone 17 Pro with 24-karat gold design with Ronaldo and Messi etching

Caviar has moved football’s greatest debate onto another fiercely contested battlefield. The Android versus iPhone discussion is getting more heated by adding Ronaldo and Messi to the mix. The luxury-device company's new Legends collection pairs Lionel Messi with a customized Samsung Galaxy Z Fold 8 Ultra, while Cristiano Ronaldo gets an iPhone 17 Pro and iPhone 17 Pro Max. Both designs use handcrafted cloisonné enamel and 24-karat gold plating, with prices starting at $18,382 for Messi’s foldable and $15,974 for Ronaldo’s iPhone.

Messi gets the foldable, Ronaldo gets the iPhone

Read more