Security research company Zscaler has found another case of Android malware running rampant in the wild. This malware has the file name “Update_chrome.apk”, which fools many into believing that they are simply downloading an update to their phone's browser.
This malware is an “infostealer” collecting what should be a surprising amount of user information. Of course, in the world of Android, this is hardly a surprise anymore. The app is downloaded from a wide range of URLs whose names closely resemble Google's own. These URLs are constantly changing, being taken down and replaced with new ones, effectively evading URL filtering.
Once the malware is loaded, it immediately requests admin access. Once this is granted, the malware checks for installed antivirus applications and terminates their processes. The malware then begins harvesting call logs, SMS data, browser history, and banking history and sends the information to a remote command and control server.
The malware also gives the user a fake payment page mimicking the Google Play Store. Once the user submits their credit card information, this information is sent to a Russian phone number.
As of now, this malware is being downloaded from outside the Google Play Store, although it does its best to appear official. The user must grant permission to the app; however, users believe they are granting permission to an official Chrome update. As always, be sure of where you are obtaining apps from, and be careful of what permissions you grant.
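One practical way to act on that advice is to check where each installed app actually came from. The script below is an added example, not code from Zscaler or this post: it parses the output of `adb shell pm list packages -i` and flags Google-branded packages that were not installed by the Play Store. It assumes a baseline allowlist of preinstalled packages captured from a clean device, since those also report `installer=null`; the sample lines are constructed.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

PLAY_STORE = "com.android.vending"
# Line shape produced by `pm list packages -i`: package:<name>  installer=<pkg or null>
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)$")
# Name fragments a fake "Chrome update" is likely to borrow to look official
GOOGLE_BRANDS = ("chrome", "google", "gms", "play")


class Finding(NamedTuple):
    package: str
    installer: str
    reason: str


def parse_line(line: str) -> Optional[Tuple[str, Optional[str]]]:
    """Return (package, installer) for one output line; installer is None when sideloaded."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    inst = m.group("inst")
    return m.group("pkg"), (None if inst == "null" else inst)


def triage(lines: List[str], baseline: frozenset = frozenset()) -> List[Finding]:
    """Flag Google-branded packages not installed from Play and not in the clean-device baseline."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        pkg, inst = parsed
        if inst == PLAY_STORE or pkg in baseline:
            continue
        branded = any(b in pkg.lower() for b in GOOGLE_BRANDS)
        if not branded:
            continue  # unbranded sideloads are still worth a look, but are out of scope here
        if inst is None:
            findings.append(Finding(pkg, "sideloaded", "Google-branded name but sideloaded"))
        else:
            findings.append(Finding(pkg, inst, "Google-branded name, installed by a non-Play installer"))
    return findings


# Constructed sample output; only com.google.android.gms is a known preinstalled package here.
SAMPLE = [
    "package:com.android.chrome  installer=com.android.vending",
    "package:com.google.android.gms  installer=null",
    "package:com.chrome.update  installer=null",
    "package:com.example.notes  installer=com.android.vending",
    "package:com.google.play.update  installer=com.sec.android.app.samsungapps",
]
BASELINE = frozenset({"com.google.android.gms"})
```

Build the baseline from a known-clean device of the same model, otherwise every preinstalled Google package will be reported.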
Remember, DTEK is your friend.