New Android malware disguises itself as a Chrome update

There’s a new info-stealing malware hiding out there in a familiar cloak, waiting to infect your Android device. Zscaler’s security research team, ThreatLabZ, discovered the malware, which hides in the form of an Android Google Chrome update.

The domains used by the infostealer look like file names for Google updates, but each URL is only active for a little while before being replaced. It changes URLs like a spy changes clothing in order to remain undetected by URL filters.
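One way to filter on what stays constant when the full URL rotates, as an added example that is not from the article or from Zscaler: score each URL on features that survive rotation and collapse the hits to the registrable domain. The token list, trusted-domain set, thresholds and sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: illustrative lure tokens and trusted domains, not Zscaler's rules.
LURE_TOKENS = ("goog", "android", "chrome", "update", "market")
TRUSTED = {"google.com", "android.com", "gstatic.com"}

def refang(url):
    """Undo common defanging (http[:]// and [.]) so the URL parses."""
    return url.replace("[:]", ":").replace("[.]", ".")

def registrable(host):
    """Naive last-two-labels split; production code should use a public-suffix list."""
    return ".".join(host.split(".")[-2:])

def looks_random(label):
    """Short all-letter label with few vowels, typical of generated subdomains."""
    return bool(re.fullmatch(r"[a-z]{6,12}", label)) and sum(c in "aeiou" for c in label) / len(label) < 0.3

def score(url):
    """Return (registrable_domain, reasons) for one URL."""
    parts = urlsplit(refang(url.strip()))
    host = (parts.hostname or "").lower()
    domain, reasons = registrable(host), []
    if domain in TRUSTED:
        return domain, reasons
    if any(t in domain for t in LURE_TOKENS):
        reasons.append("brand-lookalike domain")
    if looks_random(host[: -len(domain)].split(".")[0]):
        reasons.append("random-looking subdomain")
    if re.search(r"/[a-z]{15,}\d*/?$", parts.path):
        reasons.append("long generated path")
    return domain, reasons

def block_candidates(urls, threshold=2):
    """Collapse rotating URLs to the registrable domains worth blocking."""
    hits = {}
    for u in urls:
        domain, reasons = score(u)
        if len(reasons) >= threshold:
            hits.setdefault(domain, set()).update(reasons)
    return hits

# Constructed sample URLs on reserved names (not real indicators).
SAMPLE = [
    "http[:]//qzxkvbn[.]chrome-update9[.]test/",
    "http[:]//wplrtgd[.]chrome-update9[.]test/hbqzjxkwplmvtrgsdfcny777/",
    "https://play.google.com/store/apps",
]
```

Calling `block_candidates(SAMPLE)` returns one entry keyed on the registrable domain, so a single rule covers both rotated hosts.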

Zscaler provided a list of URLs it has caught.


Director of Security Research at Zscaler, Deepen Desai, told ZDNet, “The malware may arrive from compromised or malicious websites using scareware tactics or social engineering.” An easy way to avoid that trouble is to stay away from questionable websites in the first place, and think twice about clicking “Ok.”

He said, “One common theme we have seen in recent malicious Android application packages involves scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection.”

After downloading, the fake update called “Update_chrome.apk” prompts unsuspecting Android users to grant it admin access. If they agree, the malware seeks out and nullifies any already installed security or antivirus apps like Avast, ESET, Dr. Web, and Kaspersky to prevent them from functioning as they should.

Once the security software is crippled, the fake Chrome goes about tracking all texts and calls, sending the info to a command-and-control server. The malware can even hang up on unknown callers. If the Google Play Store is installed, it will show a fake credit card payment page that looks eerily close to the real one. If the user falls for that, the malware will send the CC info to a Russian telephone number.

Once the user gives the fake Chrome infostealer admin access, the user can’t revoke it, so the only recourse is to factory reset the device.

Aliya Barnwell
Former Digital Trends Contributor