Fake Google Chrome Android App Infecting Users with Malicious Payload

Google Chrome is the go-to browser for almost all Android users. There is, however, one thing you need to keep in mind when downloading a browser for your Android phone.

The Google Play Store has been known for its poor security measures over the past few years, and now IT security researchers at SophosLabs have spotted a malicious lookalike (Andr/SandRat-C) of the famous Google Chrome browser, which means trouble for users who are used to downloading apps from third-party stores. Furthermore, they suspect that another piece of malware, “Andr/Rootnik-AH”, might even be on the Google Play Store.


According to Rowland Yu, a security researcher at SophosLabs, “the main point is that Google Play allows a compromised certificate [through the associated malware], though they know the certificate has been used to sign rootkit malware.”

As per reports, the malicious Chrome version is Andr/Rootnik-AH, and the malware is capable of reading and sending messages from the infected device, recording media, querying location, etc.

Not the first time

This isn’t the first time that security researchers have spotted a compromised app, though previously the Google Play Store was free from such malicious apps. Back in 2015, an infected version of Chrome, “Andr/SandRat-C”, was seen infecting users as well, but it wasn’t allowed into the Play Store.

“When the first hacked version of Chrome was discovered in 2015, a few people were still downloading apps outside of Google Play,” Yu explained.

Evade Digital Signatures

Digital signatures are used to verify the authenticity of apps, and according to security researchers, the malware is capable of evading digital signatures. Furthermore, the fake Google Chrome browser displays the same icons as the legitimate one, making it much harder to spot the difference between the two.
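Because a lookalike can copy the icon and name but not the publisher's signing key, a defender can compare an APK's signer certificate digest with a pinned value and with a list of certificates already seen signing malware, which is the check Yu's comment points at. The following is an added example, not code from SophosLabs or this article: it parses the text printed by `apksigner verify --print-certs`, and the names `classify`, `PINNED` and `KNOWN_BAD` as well as every digest value are constructed for illustration.

```python
import re

# Matches the line `apksigner verify --print-certs` prints per signer:
# "Signer #1 certificate SHA-256 digest: <64 hex chars>"
DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest:\s*([0-9a-fA-F]{64})\s*$", re.M)

# Constructed placeholder digests, NOT real fingerprints (assumption).
PINNED = {"com.android.chrome": {"aa" * 32}}   # expected publisher certs
KNOWN_BAD = {"bb" * 32}                        # certs seen signing malware


def signer_digests(apksigner_output):
    """Return the set of lowercase SHA-256 signer digests in the output."""
    return {d.lower() for d in DIGEST_RE.findall(apksigner_output)}


def classify(package, apksigner_output):
    """Classify an APK by who signed it, ignoring its icon and label."""
    digests = signer_digests(apksigner_output)
    if not digests:
        return "unsigned-or-unparsed"      # fail closed: nothing to trust
    if digests & KNOWN_BAD:
        return "blocked-known-bad-cert"    # reject even if no pin exists
    expected = PINNED.get(package)
    if expected is None:
        return "no-pin"
    # Every signer must be a pinned one; an extra unknown signer fails.
    return "ok" if digests <= expected else "signer-mismatch"


# Constructed sample outputs in apksigner's text format.
GENUINE = ("Signer #1 certificate DN: CN=Example Publisher\n"
           "Signer #1 certificate SHA-256 digest: " + "AA" * 32 + "\n")
LOOKALIKE = ("Signer #1 certificate DN: CN=Unknown\n"
             "Signer #1 certificate SHA-256 digest: " + "cc" * 32 + "\n")
BAD_CERT = ("Signer #1 certificate DN: CN=Reused\n"
            "Signer #1 certificate SHA-256 digest: " + "bb" * 32 + "\n")

if __name__ == "__main__":
    for name, out in [("genuine", GENUINE), ("lookalike", LOOKALIKE),
                      ("bad cert", BAD_CERT)]:
        print(name, "->", classify("com.android.chrome", out))
```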


Over the past few months, 292 malicious apps have been taken down from Google Play. However, a further 400 shady apps are still in the Play Store. As security experts find new ways to cope with cybersecurity threats, hackers are working hard too, and it looks like some serious scrutiny of the security measures is needed. Here are two lists of malicious apps, 1 and 2, identified by SophosLabs.



Jahanzaib Hassan