
New Android malware disguises itself as a Chrome update

There’s a new info-stealing malware hiding out there in a familiar cloak, waiting to infect your Android device. Zscaler’s security research team, ThreatLabZ, discovered the malware, which hides in the form of an Android Google Chrome update.

The domains used by the infostealer look like file names for Google updates, but each URL is only active for a little while before being replaced. It changes URLs like a spy changes clothing in order to remain undetected by URL filters.

Zscaler provided a list of URLs they’ve caught.


Director of Security Research at Zscaler, Deepen Desai, told ZDNet, “The malware may arrive from compromised or malicious websites using scareware tactics or social engineering.” An easy way to avoid that trouble is to stay away from questionable websites in the first place, and think twice about clicking “Ok.”

He said, “One common theme we have seen in recent malicious Android application packages involves scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection.”

After downloading, the fake update called “Update_chrome.apk” prompts unsuspecting Android users to grant it admin access. If they agree, the malware seeks out and nullifies any already installed security or antivirus apps like Avast, ESET, Dr. Web, and Kaspersky to prevent them from functioning as they should.

Once the security software is crippled, the fake Chrome goes about tracking all texts and calls, sending the info to a command-and-control server. The malware can even hang up on unknown callers. If the Google Play Store is installed, it will show a fake credit card payment page that looks eerily close to the real one. If the user falls for that, the malware will send the CC info to a Russian telephone number.

Once the user gives the fake Chrome infostealer admin access, the user can’t revoke it, so the only recourse is to factory reset the device.

Aliya Barnwell
Former Contributor