Skip to main content

New Android malware disguises itself as a Chrome update

There’s a new info-stealing malware hiding out there in a familiar cloak, waiting to infect your Android device. Zscaler’s security research team, ThreatLabZ, discovered the malware, which hides in the form of an Android Google Chrome update.

The domains used by the infostealer look like file names for Google updates, but each URL is only active for a little while before being replaced. It changes URLs like a spy changes clothing in order to remain undetected by URL filters.

ZScaler provided a list of URLs they’ve caught:

Recommended Videos

http[:]//ldatjgf[.]goog-upps.pw/ygceblqxivuogsjrsvpie555/

  • http[:]//iaohzcd[.]goog-upps.pw/wzbpqujtpfdwzokzcjhga555/
  • http[:]//uwiaoqx[.]marshmallovw.com/
  • http[:]//google-market2016[.]com/
  • http[:]//ysknauo[.]android-update17[.]pw/
  • http[:]//ysknauo[.]android-update16[.]pw/
  • http[:]//android-update15[.]pw/
  • http[:]//zknmvga[.]android-update15[.]pw/
  • http[:]//ixzgoue[.]android-update15[.]pw/
  • http[:]//zknmvga[.]android-update15[.]pw/
  • http[:]//gpxkumv.web-app.tech/xilkghjxmwvnyjsealdfy666/
Please enable Javascript to view this content

Director of Security Research at Zscaler, Deepen Desai, told ZDNet, “The malware may arrive from compromised or malicious websites using scareware tactics or social engineering.” An easy way to avoid that trouble is to stay away from questionable websites in the first place, and think twice about clicking “Ok.”

He said, “One common theme we have seen in recent malicious android application packages involves scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection.”

After downloading, the fake update called “Update_chrome.apk” prompts unsuspecting Android users to grant it admin access. If they agree, the malware seeks out and nullifies any already installed security or antivirus apps like Avast, ESET, Dr. Web, and Kaspersky to prevent them from functioning as they should.

Once the security software is crippled, the fake Chrome goes about tracking all texts and calls, sending the info to a command-and-control server. The malware can even hang up on unknown callers. If the Google Play Store is installed, it will show a fake credit card payment page that looks eerily close to the real one. If the user falls for that, the malware will send the CC info to a Russian telephone number.

Since the user can’t revoke its admin access, once the user gives the fake chrome infostealer admin access, the only recourse is to factory reset the device.

Aliya Barnwell
Former Digital Trends Contributor
Aliya Tyus-Barnwell is a writer, cyclist and gamer with an interest in technology. Also a fantasy fan, she's had fiction…
This new Android phone looks like a photographer’s dream
Sharp Aquos R9 Pro

Sharp has announced an intriguing new phone aimed at mobile photographers. It's called the Sharp Aquos R9 Pro, and while it may not have the best name, there's a lot to talk about here.

The Aquos R9 Pro has many interesting features, starting with its gigantic camera bump on the back, which houses three powerful cameras: a 50.3-megapixel primary camera, a 50.3MP telephoto camera, and a 50.3MP ultrawide camera. The cameras are surrounded by a vegan leather backplate.

Read more
Motorola is already updating some phones to its Android 15 beta
The Android 15 logo on a smartphone.

Android fans can breathe a sigh of relief. The long-awaited Android 15 is finally here and is rolling out to compatible smartphones. We knew the release was coming; in fact, we reported on it rolling out to Pixel devices yesterday, and Motorola had already confirmed that it would be coming to a wide range of devices.

According to a report from GSMArena, some users have begun to see Android 15 beta show up on the Motorola Edge 50 Fusion, but it's likely that the update is also hitting other Edge 50 models. These phones are currently receiving the Android 15 beta update, but the full version will make its way to these handsets, too — possibly by the end of the year if we assume the current update is a test of stability for the OS.

Read more
Android 15 is now rolling out to Pixels. Here’s what’s new
Android 15 logo on a Google Pixel 8.

The wait for a next-generation Android experience is finally over. Google today released the public version of Android 15, and it is now making its way to compatible phones, starting with the company’s Pixel series of smartphones.

Among the key areas where Android 15 brings the biggest set of upgrades are safety and privacy. To that end, users will soon be able to create a safe space for all their sensitive apps, locked behind their device’s local password or biometric layer.

Read more