Android malware news: fake Chrome update steals your personal data

 [photo: Commons Wikimedia/Google, AOSP]

An Android malware strain recently found in the wild is disguised as a legitimate Google Chrome update. An infected Android smartphone is at risk, and the only remedy is to reset the device.

Zscaler, a technology company that focuses on cloud computing and internet security, spotted the infostealer early on. According to the company's report, its personnel noticed a huge amount of traffic on their cloud server in connection with the malware. Further investigation showed that the malware is capable of stealing information from an infected phone, including call logs, browser history, SMS data and even banking information, all of which is forwarded to an unknown server.

The company said, "Our research team has recently seen a large amount of activity in our cloud related to an Android infostealer disguised as a Google Chrome update. This malware is capable of harvesting call logs, SMS data, browser history and banking information and is sending it to a remote command and control (C&C) server. This malware is also capable of checking the installed antivirus applications and terminating them to evade detection."

The report also mentioned that the infected file is named "Update_chrome.apk," a very authentic-sounding filename. After being downloaded, it asks for administrative access, checks the Android device for any installed anti-virus or anti-malware apps, terminates the security protection, and immediately installs itself.

Once installed, it starts its primary job: stealing information from the infected Android phone or device.

Aside from monitoring SMS and call activity, it also presents its own payment page once a Play Store app has been downloaded and installed. Once the credit card information has been filled out, the malware sends it to a Russian phone number, +7926XXXX135, the company added.

Once a device is infected, the malware cannot be easily removed or deactivated because of the administrative access it gained earlier. The only remaining option is to do a factory reset on the infected device, which will wipe out everything on it.
