1. Mobile

New Android malware disguises itself as a Chrome update

By

1 of 5
infostealer malware hides as android chrome av check
infostealer malware hides as android chrome c
infostealer malware hides as android chrome end call
infostealer malware hides as android chrome cc theft
virus phone
There’s a new info-stealing malware hiding out there in a familiar cloak, waiting to infect your Android device. Zscaler’s security research team, ThreatLabZ, discovered the malware, which hides in the form of an Android Google Chrome update.

The domains used by the infostealer look like file names for Google updates, but each URL is only active for a little while before being replaced. It changes URLs like a spy changes clothing in order to remain undetected by URL filters.

ZScaler provided a list of URLs they’ve caught:

http[:]//ldatjgf[.]goog-upps.pw/ygceblqxivuogsjrsvpie555/

  • http[:]//iaohzcd[.]goog-upps.pw/wzbpqujtpfdwzokzcjhga555/
  • http[:]//uwiaoqx[.]marshmallovw.com/
  • http[:]//google-market2016[.]com/
  • http[:]//ysknauo[.]android-update17[.]pw/
  • http[:]//ysknauo[.]android-update16[.]pw/
  • http[:]//android-update15[.]pw/
  • http[:]//zknmvga[.]android-update15[.]pw/
  • http[:]//ixzgoue[.]android-update15[.]pw/
  • http[:]//zknmvga[.]android-update15[.]pw/
  • http[:]//gpxkumv.web-app.tech/xilkghjxmwvnyjsealdfy666/

Director of Security Research at Zscaler, Deepen Desai, told ZDNet, “The malware may arrive from compromised or malicious websites using scareware tactics or social engineering.” An easy way to avoid that trouble is to stay away from questionable websites in the first place, and think twice about clicking “Ok.”

He said, “One common theme we have seen in recent malicious android application packages involves scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection.”

After downloading, the fake update called “Update_chrome.apk” prompts unsuspecting Android users to grant it admin access. If they agree, the malware seeks out and nullifies any already installed security or antivirus apps like Avast, ESET, Dr. Web, and Kaspersky to prevent them from functioning as they should.

Once the security software is crippled, the fake Chrome goes about tracking all texts and calls, sending the info to a command-and-control server. The malware can even hang up on unknown callers. If the Google Play Store is installed, it will show a fake credit card payment page that looks eerily close to the real one. If the user falls for that, the malware will send the CC info to a Russian telephone number.

Since the user can’t revoke its admin access, once the user gives the fake chrome infostealer admin access, the only recourse is to factory reset the device.

Editors' Recommendations

What is Google Pay, and how do you use it?

Google Pay Feature image

The best smartphones for 2020

iPhone 12 Pro front

Protect your privacy with the best cheap VPN deals for November 2020

best vpn for small business man holding phone app creation internet protocols protection network

How to use Google Meet

Google Meet

How to get developer options on Android

How to hide photos on your Android phone or tablet

Google Photos

How to install third-party fonts in iOS 13

Best mobile plans and cell phones for seniors who just want to stay in touch

How to make a contact group on an iPhone

How to create, customize, and use Memoji in Apple’s iOS 13

How to create and set custom ringtones for your Android phone

Best smartwatch deals for November 2020: Samsung, Fitbit, and Apple Watch sales

How to install Kodi on your iPhone or iPad

re engineer humanity evan selinger interview caucasian woman using cell phone in bed

How to get Fortnite on your Android device

How to replace your iPhone’s battery