
Android Malware Installed Through Phony Update of Google Chrome

Cyber-security researchers have spotted mobile malware that poses as an update to the Google Chrome browser for Android but actually steals the device owner's personal and banking data, and that cannot be removed from the infected device.

The info-stealing malware, discovered by Zscaler's ThreatLabz research group, can harvest banking information, browser history, SMS data and call logs, which are then transmitted to a remote command-and-control (C&C) infrastructure.

Instead of being served from a single URL, the malware is hosted on several websites that resemble existing Google updates. Each domain is active for only a very brief period, and the URLs deliver a malicious program that is routinely updated and replaced to make sure it evades security detection.

Once on the mobile phone, the malware establishes a connection to a remote website and then sends it the stolen information described above, says Zscaler. The malware also looks for AV software on the phone, which it then attempts to disable.

The malware's file name is Update_chrome.apk, and when installed it prompts the device owner to grant it administrative rights. It then establishes a connection between the device and its C&C server at http[:]//varra.top/tapas/gtgtr[.]php and starts recording the device's activity, in particular intercepting SMS and call data.

Moreover, according to Zscaler, if the victim's phone has Google's Play application installed, the malware produces a fake payment page in order to capture payment card details, which are then transmitted to a Russian phone number. Threatpost.com reported this on April 29, 2016.

Unfortunately, the malware can't be removed or uninstalled from the affected phone, even if the user knows it is there. The reason: the malware gains administrative access at the outset and doesn't let the user disable its administrative privileges. Consequently, the user's only option for eliminating the malware and safeguarding confidential data is a 'factory reset' of the device. However, a factory reset also erases all of the user's other data, leaving the user in an unfortunate position.

» SPAMfighter News - 5/5/2016
