A security research firm has uncovered a new Android malware family that poses as a Google Chrome update but in fact obtains device administrator rights on Android devices and uses them to steal call logs, text messages and credit card details. Zscaler, the firm that uncovered the malware, adds that it is distributed from short-lived URLs that are swapped for new ones quickly enough that URL-based blocking struggles to keep up.
As soon as an unsuspecting user taps one of these links, the malicious package is downloaded and, once installed, asks for device administrator rights. Having obtained them, the malware checks for security applications on the device such as Avast, Kaspersky and Dr. Web and tries to uninstall them. With the device's defences out of the way, it registers the phone with a command-and-control server, whose location is unknown, and forwards copies of the device's traffic, including SMS messages and the details of incoming and outgoing calls, to that server. Its control over the device goes as far as being able to terminate calls in progress on its own.
The story doesn't end there. What the malware does next shows that its operators aren't merely experimenting with the Android ecosystem but systematically exploiting the platform's weaknesses for financial gain. When a user with an infected device opens the official Play Store, the malware overlays a fake payment page that prompts for credit card details. Anything the user enters is sent to the same command-and-control server. Zscaler notes that the malware can compromise the privacy of Android users and leak sensitive data such as card details, which can in turn lead to banking fraud.
The worst part is that the malware cannot be removed through the normal Settings flow even when the user knows it is there. Because it holds device administrator rights and resists attempts to deactivate them, the usual uninstall option stays greyed out. Booting the phone into safe mode, where third-party apps do not run, is the one chance to revoke those rights before resorting to the last option: a factory reset. The reset removes the malware and stops confidential information from leaking further, but it also wipes all of the user's data, so it ends in a lose-lose scenario for the hapless user.
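The device-administrator abuse described in the two passages above is also the handle for triage. The following is an added example, not part of Zscaler's report or of this article: a Python helper that parses the output of `adb shell dumpsys device_policy`, lists every component holding device admin rights, and flags any package that is not on an allowlist or that carries "chrome" in its name without being one of Google's real Chrome packages (Chrome itself never needs device admin). The dumpsys sample embedded below is constructed and only approximates the real layout, and the package name `com.example.chrome.update` is hypothetical.

```python
import re
import subprocess

# Constructed sample of `adb shell dumpsys device_policy` output. The layout
# approximates what Android prints; the second admin is a hypothetical
# fake-Chrome package used only to exercise the checks below.
SAMPLE_DUMPSYS = """\
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    ComponentInfo{com.google.android.gms/com.google.android.gms.auth.managed.admin.DeviceAdminReceiver}:
      uid=10033
      testOnlyAdmin=false
      policies:
        wipe-data
    ComponentInfo{com.example.chrome.update/com.example.chrome.update.AdminReceiver}:
      uid=10211
      testOnlyAdmin=false
      policies:
        wipe-data
        force-lock
"""

# Packages that an ordinary (unmanaged) device would be expected to have as
# device admins. Extend this with your MDM agent when checking managed fleets.
KNOWN_ADMINS = {
    "com.google.android.gms",
    "com.android.settings",
}

# Google's real Chrome channels. Anything else mentioning "chrome" is suspect.
CHROME_PACKAGES = {
    "com.android.chrome",
    "com.chrome.beta",
    "com.chrome.dev",
    "com.chrome.canary",
}

COMPONENT_RE = re.compile(r"ComponentInfo\{([^/]+)/([^}]+)\}")


def parse_device_admins(dumpsys_text):
    """Return one dict per active admin: package, receiver class, testOnly flag."""
    admins = []
    current = None
    for line in dumpsys_text.splitlines():
        match = COMPONENT_RE.search(line)
        if match:
            current = {"package": match.group(1),
                       "receiver": match.group(2),
                       "test_only": False}
            admins.append(current)
        elif current is not None and line.strip().startswith("testOnlyAdmin="):
            # `dpm remove-active-admin` only works on testOnly admins, so this
            # flag tells you whether adb can revoke the admin without a reset.
            current["test_only"] = line.strip().endswith("=true")
    return admins


def looks_like_chrome_imposter(package):
    """True for a package that trades on the Chrome name but is not Chrome."""
    return "chrome" in package.lower() and package not in CHROME_PACKAGES


def suspicious_admins(admins, known=KNOWN_ADMINS):
    """Admins outside the allowlist, or masquerading as Chrome."""
    return [a for a in admins
            if a["package"] not in known or looks_like_chrome_imposter(a["package"])]


def run_adb_dumpsys():
    """Fetch live output from an attached device; falls back to the sample."""
    try:
        return subprocess.run(["adb", "shell", "dumpsys", "device_policy"],
                              capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return SAMPLE_DUMPSYS


if __name__ == "__main__":
    found = parse_device_admins(run_adb_dumpsys())
    for admin in found:
        flag = "SUSPECT" if admin in suspicious_admins(found) else "ok"
        print(f"{flag:8} {admin['package']} ({admin['receiver']}) "
              f"testOnly={admin['test_only']}")
```

Run it with a phone attached over USB debugging, or without one to see the constructed sample; any entry marked SUSPECT is an app to inspect (and, on a phone showing the symptoms above, to deactivate from safe mode before uninstalling).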