
Horrid Piece of Android Malware Monitors Browser History, Texts and Banking Information


Android users should watch out for a nasty new piece of Android malware in circulation. The malware is disguised as an update to Google's mobile Chrome browser and is hosted on webpages designed to look like official Android or Google landing pages.

Security firm Zscaler originally spotted the malware, which is designed to monitor call logs, text messages, banking information and browser history. Once installed, it logs this data and sends it all to a remote command-and-control server. Zscaler also observes that the malware can check for the presence of antivirus apps and, if it finds any, terminate them to avoid detection.

Zscaler's ThreatLabz research group discovered the information-stealing program and found that it can extract banking information, SMS data, browser histories and call logs, which are then sent to a remote command-and-control (C&C) infrastructure.

Rather than being served from a single URL, the malicious program is hosted on many websites made to resemble genuine Google update pages. Each domain is active for only a very short period, and the URLs that deliver the malicious program are regularly replaced and updated so that it evades security detection.

The malware uses Update_chrome.apk as its file name and, once installed, prompts the device owner to grant it administrative rights. It then establishes a connection between the device and the malware's C&C server, namely http(:)//varra.top/tapas/gtgtr(.)php, and starts recording device activity, in particular intercepting call data and SMS.

Moreover, Zscaler says that if the victim's phone has the Google Play application installed, the malware will display a fake page to capture payment card details, which are sent to a Russian phone number.

Unfortunately, the malware cannot be removed or uninstalled from the infected phone even if the user becomes aware of it. The reason: the malware gains administrative access at the outset and does not permit the user to disable its administrative privileges. Hence, the user's only option for removing the malware and securing confidential data is to perform a factory reset of the device.
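The file name and C&C address reported above can be checked against web proxy logs. The following is an added example, not code from Zscaler or from the original article; the log format, client addresses and `.example` hosts are constructed assumptions. It matches the APK file name on any host, because the article notes that the hosting domains are replaced frequently.

```python
from urllib.parse import urlsplit, unquote

C2_DEFANGED = "http(:)//varra.top/tapas/gtgtr(.)php"  # as printed in the article
DROPPER_NAME = "update_chrome.apk"                     # file name from the article

def refang(ioc):
    """Undo the article's defanging: '(:)' -> ':' and '(.)' -> '.'."""
    return ioc.replace("(:)", ":").replace("(.)", ".")

C2 = urlsplit(refang(C2_DEFANGED))

def classify(url):
    """Return 'c2', 'dropper' or None for one requested URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    path = unquote(parts.path)  # decode %xx so encoded names still match
    if host == C2.hostname and path.lower() == C2.path.lower():
        return "c2"
    # Hosting domains rotate, so match the file name on any host.
    if path.rsplit("/", 1)[-1].lower() == DROPPER_NAME:
        return "dropper"
    return None

def scan(lines):
    """Return (client_ip, verdict, url) for each matching proxy log line."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed or truncated lines
        _ts, client, _method, url, _status = fields[:5]
        verdict = classify(url)
        if verdict:
            hits.append((client, verdict, url))
    return hits

# Constructed sample log (format: time client method url status). Hosts under
# .example are placeholders, not indicators from the article.
SAMPLE_LOG = [
    "2016-05-10T09:14:02Z 10.0.4.17 GET http://goog-update.example/dl/Update_chrome.apk 200",
    f"2016-05-10T09:15:40Z 10.0.4.17 POST {refang(C2_DEFANGED)} 200",
    "2016-05-10T09:16:01Z 10.0.4.22 GET https://www.google.com/chrome/ 200",
    "2016-05-10T09:17:13Z 10.0.4.31 GET http://cdn.example/a/update%5Fchrome.APK?v=2 200",
    "truncated line",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A client that shows a `dropper` hit followed by a `c2` hit, like 10.0.4.17 in the sample, is the pattern to triage first.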

» SPAMfighter News - 5/12/2016
