Skip to main content

New Android malware disguises itself as a Chrome update

There’s a new info-stealing malware hiding out there in a familiar cloak, waiting to infect your Android device. Zscaler’s security research team, ThreatLabZ, discovered the malware, which hides in the form of an Android Google Chrome update.

The domains used by the infostealer look like file names for Google updates, but each URL is only active for a little while before being replaced. It changes URLs like a spy changes clothing in order to remain undetected by URL filters.

ZScaler provided a list of URLs they’ve caught:

http[:]//ldatjgf[.]goog-upps.pw/ygceblqxivuogsjrsvpie555/

  • http[:]//iaohzcd[.]goog-upps.pw/wzbpqujtpfdwzokzcjhga555/
  • http[:]//uwiaoqx[.]marshmallovw.com/
  • http[:]//google-market2016[.]com/
  • http[:]//ysknauo[.]android-update17[.]pw/
  • http[:]//ysknauo[.]android-update16[.]pw/
  • http[:]//android-update15[.]pw/
  • http[:]//zknmvga[.]android-update15[.]pw/
  • http[:]//ixzgoue[.]android-update15[.]pw/
  • http[:]//zknmvga[.]android-update15[.]pw/
  • http[:]//gpxkumv.web-app.tech/xilkghjxmwvnyjsealdfy666/

Director of Security Research at Zscaler, Deepen Desai, told ZDNet, “The malware may arrive from compromised or malicious websites using scareware tactics or social engineering.” An easy way to avoid that trouble is to stay away from questionable websites in the first place, and think twice about clicking “Ok.”

He said, “One common theme we have seen in recent malicious android application packages involves scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection.”

After downloading, the fake update called “Update_chrome.apk” prompts unsuspecting Android users to grant it admin access. If they agree, the malware seeks out and nullifies any already installed security or antivirus apps like Avast, ESET, Dr. Web, and Kaspersky to prevent them from functioning as they should.

Once the security software is crippled, the fake Chrome goes about tracking all texts and calls, sending the info to a command-and-control server. The malware can even hang up on unknown callers. If the Google Play Store is installed, it will show a fake credit card payment page that looks eerily close to the real one. If the user falls for that, the malware will send the CC info to a Russian telephone number.

Since the user can’t revoke its admin access, once the user gives the fake chrome infostealer admin access, the only recourse is to factory reset the device.

Editors' Recommendations

Aliya Barnwell
Former Digital Trends Contributor
Aliya Tyus-Barnwell is a writer, cyclist and gamer with an interest in technology. Also a fantasy fan, she's had fiction…
A new Android 14 update is here — but you still shouldn’t download it
The Android 14 logo.

Google has released the second developer preview of Android 14, as the next major version of the operating system takes another step toward a full release. Like the first Android 14 developer preview, the clue as to who it’s for is in the name.

This early version is designed for developers to test new features and designs in their apps, and to explore how new tools in the software could help improve them. It’s not designed for everyday use by consumers -- that version will come later.

Read more
Android Auto just got a much-requested new feature
Android Auto in a car.

Android Auto is an excellent platform that helps bridge the gap between a driver's phone and their car's control center, and now it's getting even better.

The latest update for the Android Auto beta adds an exciting amount of customization to the interface's widgets. Now, instead of the usual fixed layout that users have grown accustomed to, the widgets are interchangeable and able to be customized to best accommodate a driver's needs.

Read more
Google just announced 9 new features for your Android phone and watch
Samsung Galaxy S23 showing Google Photos

Google has announced some big new features coming to Android and Wear OS devices during the Mobile World Congress 2023 event in Barcelona, Spain. These new features are beginning to roll out starting today, February 27, with others to come later.
New Android features available starting February 27

Google Drive users will now be able to do freehand annotation on Android phones and tablets. This means you are now able to use a stylus or your fingers to annotate PDFs directly in the Google Drive app on Android.

Read more