
New Android malware disguises itself as a Chrome update

There’s a new info-stealing malware hiding out there in a familiar cloak, waiting to infect your Android device. Zscaler’s security research team, ThreatLabZ, discovered the malware, which hides in the form of an Android Google Chrome update.

The domains used by the infostealer look like file names for Google updates, but each URL is only active for a little while before being replaced. It changes URLs like a spy changes clothing in order to remain undetected by URL filters.

Zscaler provided a list of URLs they’ve caught.


Director of Security Research at Zscaler, Deepen Desai, told ZDNet, “The malware may arrive from compromised or malicious websites using scareware tactics or social engineering.” An easy way to avoid that trouble is to stay away from questionable websites in the first place, and think twice about clicking “Ok.”

He said, “One common theme we have seen in recent malicious android application packages involves scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection.”

After downloading, the fake update called “Update_chrome.apk” prompts unsuspecting Android users to grant it admin access. If they agree, the malware seeks out and nullifies any already installed security or antivirus apps like Avast, ESET, Dr. Web, and Kaspersky to prevent them from functioning as they should.

Once the security software is crippled, the fake Chrome goes about tracking all texts and calls, sending the info to a command-and-control server. The malware can even hang up on unknown callers. If the Google Play Store is installed, it will show a fake credit card payment page that looks eerily close to the real one. If the user falls for that, the malware will send the CC info to a Russian telephone number.

Once the user grants the fake Chrome infostealer admin access, that access can’t be revoked, so the only recourse is to factory reset the device.
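Because the download URLs rotate faster than a blocklist can follow, a filter keyed on what is being downloaded holds up better than one keyed on where it comes from. The sketch below is an added example, not code from Zscaler or from this article; the log format, the sample lines and the trusted-host list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

APK_MIME = "application/vnd.android.package-archive"
# Assumption: hosts you accept APKs from; replace with your own allowlist.
TRUSTED_APK_HOSTS = ("google.com", "android.com")
# Brand words a fake "update" borrows to look official.
LURE = re.compile(r"chrome|google|android|update|market", re.I)

# Constructed proxy log lines: time client method url status content-type
SAMPLE_LOG = [
    "2024-01-01T10:00:01Z 10.0.0.12 GET http://dl.example.test/a1b2/Update_chrome.apk 200 application/vnd.android.package-archive",
    "2024-01-01T10:00:05Z 10.0.0.12 GET http://google-update.example.test/x9/ 200 application/vnd.android.package-archive",
    "2024-01-01T10:01:00Z 10.0.0.40 GET https://play.google.com/store/apps 200 text/html",
    "2024-01-01T10:02:00Z 10.0.0.41 GET https://dl.google.com/chrome/app.apk 200 application/vnd.android.package-archive",
    "2024-01-01T10:03:00Z 10.0.0.50 GET http://cdn.example.test/game.apk 200 application/octet-stream",
]

def is_trusted(host):
    """True only for an allowlisted domain or a real subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_APK_HOSTS)

def suspicious_apk_downloads(lines):
    """Return (client, host, filename, reasons) for APKs from untrusted hosts."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines
        _ts, client, _method, url, _status, ctype = parts
        parsed = urlsplit(url)
        host = parsed.hostname or ""
        filename = parsed.path.rsplit("/", 1)[-1]
        # Trust neither signal alone: the MIME type or the extension may be off.
        is_apk = ctype.lower() == APK_MIME or filename.lower().endswith(".apk")
        if not is_apk or is_trusted(host):
            continue
        reasons = ["apk-from-untrusted-host"]
        if LURE.search(filename):
            reasons.append("lure-filename")
        if LURE.search(host):
            reasons.append("lookalike-host")
        hits.append((client, host, filename, reasons))
    return hits

if __name__ == "__main__":
    for hit in suspicious_apk_downloads(SAMPLE_LOG):
        print(hit)
```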

Aliya Barnwell
Former Digital Trends Contributor