Android Malware Masquerading As Chrome Update Can Harvest Bank Info, Call Logs, Browser History And More

Horia Ungureanu, Tech Times 30 April 2016, 01:04 pm

Android users should be wary of a new malware that siphons their bank information and infects their devices in a sneaky way.

ThreatLabZ, the security team from Zscaler, unveiled the malware, which seems to land in the form of an update to Google Chrome for Android.

It is easy to get confused, as the domains used by the information thief closely resemble the legitimate ones. However, you should know that every URL is active for short periods of time. By constantly swapping addresses, the spying program keeps away from detection.

ZScaler published a list of the URLs known to be infected. Go to their site to check it out.

ZDNet contacted Deepen Desai, the chief for Security Research at Zscaler, about the issue.

"The malware may arrive from compromised or malicious websites using scareware tactics or social engineering," Desai says.

He offers sound advice that applies whether or not a threatening malware is out and about: avoid browsing dubious websites and double-check before clicking "Ok" to anything the Internet has to offer.

Some users will get a popup that indicates that their device is infected. Soon after that, an offer to update the security appears, promising to take care of the problem.

Users who go ahead and download the update (which usually goes by the name "Update_chrome.apk") get prompted with a request for admin rights to the device. Those who agree practically give free rein to the malware to find and destroy any previously deployed security or antivirus apps.

ZScaler points out that established anti-viruses, such as ESET, Kaspersky and Avast are vulnerable to the attack and stop working as soon as the admin rights are provided to the malicious software.

After the malware takes out your anti-virus program, the info-thief starts its work. The fake Chrome will track the full list of calls and texts and forward the list to a command-and-control server.

Should you have Google Play Store installed, a fake credit card payment is displayed, whose similarity to the original site is uncanny. Credit card information that users provide goes directly to a Russian database, according to ZScaler.

The good news is that there is a way out of this mess. The bad news is that it requires users to restore their device to factory settings.

Earlier this year, Google published its Android Security Annual report showcasing the efforts of the company to keep the ecosystem safe and sound from attacks.