SafeUM
Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
6 May 2016

Irremovable bank data-stealing Android malware poses as Google Chrome update

Mobile malware that steals banking and personal information, poses as a Google Chrome update for Android and can't be removed from the infected device has been spotted in the wild by cybersecurity researchers.

The infostealer malware - discovered by the Zscaler ThreatLabZ research team - is capable of harvesting banking information, call logs, SMS data and browser history which are all sent to a remote command-and-control server.

Rather than being served by one URL, the malware squats on multiple domains which are similar to existing Google updates. Each URL is only active for a short amount of time, with the addresses serving the malware regularly updated and replaced in order to ensure it avoids detection. Users who download the fake Android application package - titled "Update_chrome.apk" - are prompted to allow the malware to gain administrative access to their phone and in doing so, unwittingly infect their device.

According to Deepen Desai, Director of Security Research at Zscaler, users are often tricked into installing the malware when the fake Chrome update tells them they've been compromised by a non-existent virus.

"The malware may arrive from compromised or malicious websites using scareware tactics or social engineering. One common theme we have seen in recent malicious Android application packages involves scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection," he said.

Once installed, the malware checks for installed security applications which are supposed to provide protection and prevents them from working correctly. In their report on the malware, Zscaler researchers write that antivirus applications like Kaspersky, ESET, Avast and Dr. Web can all be terminated by the infostealer.

With the malware now free to do as it pleases on the infected devices, text messages and call logs are monitored, with all outgoing, received and missed communications logged and sent to a command-and-control server. Not only that, but the malware is capable of creating an authentic-looking fake payment page - to take all major credit cards - in the Google Play store.

If payment information is entered, the malware takes a screenshot and sends it to a Russian phone number. Once installed on a device, the infostealer can't be removed because the malware refuses to allow the user to remove administrative access. The only way to remove the infection is to return the device to factory settings - an option which causes all data stored on the phone to be lost.

Tags: Android, Chrome, information leaks

Source: ZDNet