Info-Stealing Malware Disguised as Google Chrome Update Discovered in Android Devices

android-infostealerResearchers at Zscaler reportedly spotted an Android infostealer that spreads by hiding under the guise of a Google Chrome update. The malware in question is capable of mining user data from call logs, SMS exchanges, browser history, and even banking and credit card credentials before sending them to a remote server.

The malware squats on different URLs that resemble actual, existing Google updates. Such domains are short-lived, and are regularly updated and replaced by new ones to avoid any form of URL-based filtering. When a user visits an infected website, an alert pops up and warns the user to install an update—a common scare tactic used to elicit a sense of urgency. It threatens the user that his/her device is compromised by a virus that it can only be free from infection by updating the system. In a statement, the researchers also note, “As part of the installation, the malware will ask for administrator privileges that allow it to terminate antivirus applications running in the background.”

Once the malware penetrates the system, it is capable of snooping on outgoing, incoming, and even missed communications from calls and text messages before sending it to its command-and-control server. Also, it is capable of terminating incoming calls from unknown callers.

Apart from this, the malware creates a malicious page that resembles a legitimate payment page in the Google Play Store. Credit card information keyed in by the user could then be considered stolen as the malware takes a screenshot and sends it to a Russian phone number.

The post furthers, “Once installed, this infostealer cannot be removed from the phone as the malware does not allow the user to deactivate its administrative access.” Once the mobile device is compromised, the only antidote to the infection would be to reset the device to its factory settings, which could lead to loss of the data saved in the user’s device.

While further investigations are currently ongoing,the researchers warned that an immense number of URLs are actively distributing the malware in the wild. This is a cause for concern for users as any unwitting victim of this personal-and-banking-information-stealing malware could turn into a potential victim of financial or banking fraud or even identity theft.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.