Android Users Beware: This New Malware Can Retrieve Banking Information and Track Your Texts

For Android users, using their devices has become much riskier, with new malware emerging every other day. This time, dangerous malware has surfaced that poses as a harmless update to the mobile version of Google Chrome but is in reality malicious software designed to steal your financial details and private data. The web pages hosting this malware are also designed to look like official Android or Google landing pages.

Android remains the most vulnerable OS

This malware is reminiscent of 2015’s CTB Locker/Critroni ransomware, which tricked users into downloading a fake Google Chrome update and stole their data. The new malware has been identified by Zscaler, a security firm. According to their analysis, it is powerful enough to monitor call logs, track text messages and retrieve browser history, and, most devastating of all, it also steals banking information.

Once this malware is installed, the data it steals is transferred to a remote C2 (command and control) server. According to Zscaler's analysis, the malware can also detect and even terminate any antivirus app installed on the target device. In fact, it is so resilient that the victim cannot permanently delete it from the device unless a factory reset is performed.

However, it must be noted that the malware can only be installed if the user has turned off the default Android setting that prevents the device from installing software from unknown sources.

According to Tom’s Guide, the malware’s operational capabilities are tremendously powerful.

“After downloading the APK file, users would need to disable one of Android’s default security settings which prevent the installation of programs from unknown sources. Once that’s done and the target gives Update_chrome.apk administrative access, the malware registers the phone with its remote server, and monitors all SMS messages and calls, which it sends to remote servers.”

But what happens when the user of an infected device opens the Play Store, the official app download platform for Android devices? Tom’s Guide answers the question:

“If users open the Play Store on an infected device, the malware presents a phony payment information page for entering credit card numbers. After that data is entered, a screenshot is then sent to a phone number in Russia, which doesn’t sound like a safe way to store your banking data.”

So, if you want to avoid malware like this, we suggest that you download apps only from the Google Play Store.

Uzair Amir

I am an Electronic Engineer, an Android Game Developer and a Tech writer. I am into music, snooker and my life motto is 'Do my best, so that I can't blame myself for anything.'