Android Malware Installed Through Phony Update of Google Chrome

Cyber-security researchers have spotted one mobile malware that pretends to be an update of Google Chrome browser, which can be used on Android, but actually steals personal and banking data of the device's owner while it cannot be moved out of the contaminated device.

The info-stealer malicious program, which ThreatLabz research group of Zscaler discovered, posses the ability to dig out banking information, browse history, SMS data and call logs that are then transmitted onto one distantly located command-and-control (C&C) infrastructure.

Instead of getting served from a single URL, the malicious program rests on several websites that resemble the already present Google updates. All the domains are merely active for an extremely brief time-period, even as the URLs deliver the malicious program that's routinely updated as well as replaced so as for making sure it bypasses security identification.

When placed on the mobile phone, a connection is established between the malware and one remote website, prior to the former dispatching the aforementioned stolen information, says Zscaler. The malware further hunts for AV software on the mobile phone that it then attempts at disabling.

Called Update_chrome.apk as its file-name and when installed, the malware directs the device owner for granting it administrative rights. Subsequently, it makes an authorized connection between the device and the malware's C&C server named http [:]//varra.top/tapas/gtgtr[.]php, while starts recording the device's activity, and especially intercepts SMS and call data.

Moreover according to Zscaler, incase the victim's mobile contains Google's Play application then the malware will produce one fake payment page with the objective to capture payment card details which would all be transmitted onto one Russian phone-number. Threatpost.com posted this, April 29, 2016.

Unfortunately, the malware can't be removed else uninstalled from the affected mobile no matter whether its presence is known to the user. The reason -the malware originally gains administrative access while doesn't let the user disable its administrative privileges. Consequently, the user can only rely on his device undergoing 'factory reset' for eliminating the malware as also safeguarding his confidential data. However, 'factory reset' will as well erase all of user's other data, eventually causing a hapless situation for him.

» SPAMfighter News - 5/5/2016