There’s a new piece of nasty Android malware floating around that Android users should be on the lookout for. Masquerading as an update for Google’s mobile Chrome browser, the malware is hosted on webpages designed to look like they are official Google or Android landing pages.
Originally spotted by the security firm Zscaler, the malware is designed to monitor call logs, browser history, text messages and banking information. Once installed, the malware logs the aforementioned data and sends it all back to a remote command and control server. What’s more, Zscaler notes that the malware is capable of checking if a user has any antivirus apps installed, and if so, “terminating them to evade detection.”
So while users should be extra vigilant about this malware, we should note that installation can only occur if a user turns off a default Android setting which prevents the installation of software from non-approved sources.
After downloading the APK file, users would need to disable one of Android’s default security settings which prevents the installation of programs from unknown sources. Once that’s done and the target gives Update_chrome.apk administrative access, the malware registers the phone with its remote server, and monitors all SMS messages and calls, which it sends to remote servers.
If users open the Play Store on an infected device, the malware presents a phony payment information page for entering credit card numbers. After that data is entered, a screenshot is then sent to a phone number in Russia, which doesn’t sound like a safe way to store your banking data.
As if that weren’t nasty enough, the malware is extremely resilient and can only be thoroughly removed when a user performs a factory reset on their device.
Moral of the story? The openness of Android is obviously one of its major benefits, but you might want to stick with the Google Play store or other approved storefronts for now.