
New Android malware disguises itself as a Chrome update

There’s a new info-stealing malware hiding out there in a familiar cloak, waiting to infect your Android device. Zscaler’s security research team, ThreatLabZ, discovered the malware, which hides in the form of an Android Google Chrome update.

The domains used by the infostealer look like file names for Google updates, but each URL is only active for a little while before being replaced. It changes URLs like a spy changes clothing in order to remain undetected by URL filters.

Zscaler provided a list of URLs it has caught.


Director of Security Research at Zscaler, Deepen Desai, told ZDNet, “The malware may arrive from compromised or malicious websites using scareware tactics or social engineering.” An easy way to avoid that trouble is to stay away from questionable websites in the first place, and think twice about clicking “Ok.”

He said, “One common theme we have seen in recent malicious Android application packages involves scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection.”

After downloading, the fake update called “Update_chrome.apk” prompts unsuspecting Android users to grant it admin access. If they agree, the malware seeks out and nullifies any already installed security or antivirus apps like Avast, ESET, Dr. Web, and Kaspersky to prevent them from functioning as they should.

Once the security software is crippled, the fake Chrome goes about tracking all texts and calls, sending the info to a command-and-control server. The malware can even hang up on unknown callers. If the Google Play Store is installed, it will show a fake credit card payment page that looks eerily close to the real one. If the user falls for that, the malware will send the CC info to a Russian telephone number.

Once the user grants the fake Chrome infostealer admin access, that access can’t be revoked, so the only recourse is to factory reset the device.
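An added example, not part of the original article or Zscaler's research: because the download URLs rotate, an exact-URL blocklist misses each new one, so this Python code scans proxy logs for a trait that does not rotate, an APK named like a Chrome update served from a host outside a trusted list. The log format, the placeholder hosts, the trusted suffix list, and the idea that the file name "Update_chrome.apk" appears in the download URL are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: host suffixes this site trusts for browser downloads; tune locally.
TRUSTED_SUFFIXES = ("google.com",)

# Constructed proxy log lines (timestamp, client, method, URL); hosts and paths are made up.
SAMPLE_LOG = """\
2016-01-01T10:01:11Z 10.0.0.21 GET http://aaaaaaa.updates.example/path111/Update_chrome.apk
2016-01-01T16:40:02Z 10.0.0.37 GET http://bbbbbbb.updates.example/path222/Update_chrome.apk
2016-01-01T16:41:30Z 10.0.0.37 GET http://dl.google.com.updates.example/update-chrome.apk
2016-01-01T16:42:00Z 10.0.0.12 GET https://dl.google.com/chrome/Update_chrome.apk
2016-01-01T16:45:09Z 10.0.0.40 GET http://files.vendor.example/app/reader.apk
"""

# Exact-URL blocklist holding only the first URL seen, as a URL filter would.
URL_BLOCKLIST = {"http://aaaaaaa.updates.example/path111/Update_chrome.apk"}


def host_is_trusted(host):
    """True only for a trusted suffix on a label boundary, so that
    dl.google.com.updates.example does not pass as google.com."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def is_fake_chrome_update(url):
    """Flag an APK named like a Chrome update that comes from an untrusted host."""
    parts = urlsplit(url)
    name = parts.path.rsplit("/", 1)[-1].lower()
    lure = name.endswith(".apk") and "chrome" in name and "update" in name
    return lure and not host_is_trusted(parts.hostname or "")


def scan(log_text, url_blocklist):
    """Return (client, url, on_blocklist) for every request the rule flags."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, _, url = fields
        if is_fake_chrome_update(url):
            hits.append((client, url, url in url_blocklist))
    return hits


if __name__ == "__main__":
    for client, url, listed in scan(SAMPLE_LOG, URL_BLOCKLIST):
        print(client, url, "on blocklist" if listed else "missed by blocklist")
```

On the sample log the rule flags three requests, two of which the exact-URL blocklist misses, including the lookalike host that embeds a trusted name as a prefix.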

Aliya Barnwell
Former Digital Trends Contributor