There’s a new info-stealing malware hiding out there in a familiar cloak, waiting to infect your Android device. Zscaler’s security research team, ThreatLabZ, discovered the malware, which hides in the form of an Android Google Chrome update.
The domains used by the infostealer look like file names for Google updates, but each URL is only active for a little while before being replaced. It changes URLs like a spy changes clothing in order to remain undetected by URL filters.
ZScaler provided a list of URLs they’ve caught.
After downloading, the fake update called “Update_chrome.apk” prompts unsuspecting Android users to grant it admin access. If they agree, the malware seeks out and nullifies any already installed security or antivirus apps like Avast, ESET, Dr. Web, and Kaspersky to prevent them from functioning as they should.
Since the user can’t revoke its admin access, once the user gives the fake chrome infostealer admin access, the only recourse is to factory reset the device.
Submitted by: Arnfried Walbrecht